diff options
author | Damien Miller <djm@mindrot.org> | 2014-02-06 11:17:50 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-02-06 11:17:50 +1100 |
commit | 6434cb2cfbbf0a46375d2d22f2ff9927feb5e478 (patch) | |
tree | 9b2794cbddb54619dc15ba21cd2af518b3e39b88 | |
parent | 8d36f9ac71eff2e9f5770c0518b73d875f270647 (diff) |
- (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
__NR_shutdown; some go via the socketcall(2) multiplexer.
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | sandbox-seccomp-filter.c | 2 |
2 files changed, 4 insertions, 0 deletions
@@ -1,6 +1,8 @@ 20140206 - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL before freeing since free(NULL) is a no-op. ok djm. + - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define + __NR_shutdown; some go via the socketcall(2) multiplexer. 20140205 - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index dbda60ba..c0c17c2f 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -98,7 +98,9 @@ static const struct sock_filter preauth_insns[] = { SC_ALLOW(read), SC_ALLOW(write), SC_ALLOW(close), +#ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */ SC_ALLOW(shutdown), +#endif SC_ALLOW(brk), SC_ALLOW(poll), #ifdef __NR__newselect |