author | Philip Withnall <philip@tecnocode.co.uk> | 2017-01-21 23:05:08 +0000 |
---|---|---|
committer | Philip Withnall <philip@tecnocode.co.uk> | 2017-01-22 13:05:55 +0000 |
commit | fd995f87c8bfe7aba46dc066dd2ea5183b9fd810 (patch) | |
tree | d7c2c72efd1789c4f234ead4e55f9462dc81270e | |
parent | a103a93da982717bab3a14d698a1224b00dc7527 (diff) | |
tracker-seccomp: Add checks for mlock2() and getrandom() syscalls
On older kernels, these syscalls did not exist, so the __NR_* syscall
number definition does not exist for them, and compilation fails. Make
the seccomp rules for them conditional on the syscall numbers existing.
https://bugzilla.gnome.org/show_bug.cgi?id=777591
-rw-r--r-- | src/libtracker-common/tracker-seccomp.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c
index 0c7589550..71f6a432f 100644
--- a/src/libtracker-common/tracker-seccomp.c
+++ b/src/libtracker-common/tracker-seccomp.c
@@ -60,7 +60,9 @@ tracker_seccomp_init (void)
 ALLOW_RULE (mprotect);
 ALLOW_RULE (madvise);
 ERROR_RULE (mlock, EPERM);
+#ifdef __NR_mlock2
 ERROR_RULE (mlock2, EPERM);
+#endif
 ERROR_RULE (munlock, EPERM);
 ERROR_RULE (mlockall, EPERM);
 ERROR_RULE (munlockall, EPERM);
@@ -119,7 +121,9 @@ tracker_seccomp_init (void)
 ALLOW_RULE (uname);
 ALLOW_RULE (sysinfo);
 ALLOW_RULE (prctl);
+#ifdef __NR_getrandom
 ALLOW_RULE (getrandom);
+#endif
 ALLOW_RULE (clock_gettime);
 ALLOW_RULE (clock_getres);
 ALLOW_RULE (gettimeofday); |
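Review bot: Both `#ifdef` guards fix at build time what the filter contains at run time, so a binary built against old kernel headers and run on a newer kernel has no rule for `mlock2` (first hunk) or `getrandom` (second hunk, at `ALLOW_RULE (getrandom)`); those calls then fall through to the filter's default action, which is set outside the lines shown. This matters most for `getrandom`: a libc that uses the syscall whenever the running kernel offers it would presumably hit the default action instead of being allowed. I would record this next to each guard, e.g. `/* mlock2() exists since Linux 4.4; without __NR_mlock2 no rule is added and the default action applies */`, with the matching comment for `getrandom` (Linux 3.17). Resolving the numbers at run time with `seccomp_syscall_resolve_name()` is also worth considering, if the rule macros (defined outside this diff) can take a resolved number. `tracker_seccomp_init` starts and ends outside both hunks.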