seccomp: allowlist uretprobe() syscall
author Lennart Poettering <lennart@poettering.net>
Fri, 11 Oct 2024 07:46:14 +0000 (09:46 +0200)
committer Lennart Poettering <lennart@poettering.net>
Fri, 11 Oct 2024 09:57:40 +0000 (11:57 +0200)
commit d693c483a2bb3eae490fd78d68fc16d0a731fee2
tree 0105ada29b202743b43f24ac18e859386c4b854a
parent 40fadab195e157a0b36bc832e448e35aa4878234
seccomp: allowlist uretprobe() syscall

This is a new syscall provided by the kernel used to implement faster
uprobes. It's not supposed to be called by userspace, but only by
kernel-generated uprobe code.

It should be fine to allow this, as the kernel authenticates the
invocation itself, and we shouldn't break compat with things.

Note that this allowlisting is not sufficient to make uretprobe() work.
libseccomp must be taught the syscall too, but this can happen
independently.

Fixes: #34615
src/shared/seccomp-util.c