[linux seccomp] Allow getpid to worker and main

Stats requires getpid now in the worker threads. Main thread requires it to generate coverage in debug mode.
author: Stanisław Pitucha <viraptor@gmail.com> 2017-05-11 22:29:27 +1000
committer: dormando <dormando@rydia.net> 2017-08-23 23:59:11 -0700
commit: 71b23852491444457c383b297925b97f7a31f7df (patch)
tree: 8092d0ebf6c50e2eb6502609844fd12c7c345a4d /linux_priv.c
parent: 78c260a2ea8a3662720562ef2c0364eac36dfa4a (diff)
download: memcached-71b23852491444457c383b297925b97f7a31f7df.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/linux_priv.c b/linux_priv.c
index 811d6e8..04155dd 100644
--- a/linux_priv.c
+++ b/linux_priv.c
@@ -33,6 +33,7 @@ void drop_privileges(void) {
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(lseek), 0);
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpid), 0);
 #endif
 
     if (rc != 0) {
@@ -78,6 +79,7 @@ void drop_worker_privileges(void) {
 
     // stat
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockname), 0);
+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpid), 0);
 
     if (settings.shutdown_command) {
         rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(tgkill), 0);
author	Stanisław Pitucha <viraptor@gmail.com>	2017-05-11 22:29:27 +1000
committer	dormando <dormando@rydia.net>	2017-08-23 23:59:11 -0700
commit	71b23852491444457c383b297925b97f7a31f7df (patch)
tree	8092d0ebf6c50e2eb6502609844fd12c7c345a4d /linux_priv.c
parent	78c260a2ea8a3662720562ef2c0364eac36dfa4a (diff)
download	memcached-71b23852491444457c383b297925b97f7a31f7df.tar.gz