- (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define

__NR_shutdown; some go via the socketcall(2) multiplexer.
author: Damien Miller <djm@mindrot.org> 2014-02-06 11:17:50 +1100
committer: Damien Miller <djm@mindrot.org> 2014-02-06 11:17:50 +1100
commit: 6434cb2cfbbf0a46375d2d22f2ff9927feb5e478 (patch)
tree: 9b2794cbddb54619dc15ba21cd2af518b3e39b88
parent: 8d36f9ac71eff2e9f5770c0518b73d875f270647 (diff)
2 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 3867fd37..6289bfe2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 20140206
  - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
    before freeing since free(NULL) is a no-op.  ok djm.
+ - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
+   __NR_shutdown; some go via the socketcall(2) multiplexer.
 
 20140205
  - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index dbda60ba..c0c17c2f 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -98,7 +98,9 @@ static const struct sock_filter preauth_insns[] = {
 	SC_ALLOW(read),
 	SC_ALLOW(write),
 	SC_ALLOW(close),
+#ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
 	SC_ALLOW(shutdown),
+#endif
 	SC_ALLOW(brk),
 	SC_ALLOW(poll),
 #ifdef __NR__newselect
author	Damien Miller <djm@mindrot.org>	2014-02-06 11:17:50 +1100
committer	Damien Miller <djm@mindrot.org>	2014-02-06 11:17:50 +1100
commit	6434cb2cfbbf0a46375d2d22f2ff9927feb5e478 (patch)
tree	9b2794cbddb54619dc15ba21cd2af518b3e39b88
parent	8d36f9ac71eff2e9f5770c0518b73d875f270647 (diff)