author | Damien Miller <djm@mindrot.org> | 2014-01-31 09:25:34 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-01-31 09:25:34 +1100 |
commit | 7e5cec6070673e9f9785ffc749837ada22fbe99f (patch) | |
tree | 33f3131fde802ea4da8346c2838dae62766275ca | |
parent | cdb6c90811caa5df2df856be9b0b16db020fe31d (diff) |
- (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
syscall from sandboxes; it may be called by packet_close.
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | sandbox-seccomp-filter.c | 1 | ||||
-rw-r--r-- | sandbox-systrace.c | 1 |
3 files changed, 6 insertions, 0 deletions
@@ -1,3 +1,7 @@ +20140131 + - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) + syscall from sandboxes; it may be called by packet_close. + 20140130 - (djm) [configure.ac] Only check for width-specified integer types in headers that actually exist. patch from Tom G. Christensen;
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 2f73067e..dbda60ba 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -98,6 +98,7 @@ static const struct sock_filter preauth_insns[] = {
 SC_ALLOW(read),
 SC_ALLOW(write),
 SC_ALLOW(close),
+ SC_ALLOW(shutdown),
 SC_ALLOW(brk),
 SC_ALLOW(poll),
 #ifdef __NR__newselect
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index 53fbd47c..3d467783 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -66,6 +66,7 @@ static const struct sandbox_policy preauth_policy[] = {
 { SYS_munmap, SYSTR_POLICY_PERMIT },
 { SYS_read, SYSTR_POLICY_PERMIT },
 { SYS_select, SYSTR_POLICY_PERMIT },
+ { SYS_shutdown, SYSTR_POLICY_PERMIT },
 { SYS_sigprocmask, SYSTR_POLICY_PERMIT },
 { SYS_write, SYSTR_POLICY_PERMIT },
 { -1, -1 } |
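Review bot: `SC_ALLOW(shutdown)` is added unconditionally in the sandbox-seccomp-filter.c hunk, while the next context line (`#ifdef __NR__newselect`) shows this table guarding syscall numbers that do not exist on every architecture. On Linux ports where socket operations are multiplexed through socketcall(2), `__NR_shutdown` may not be defined, so the entry would likely fail to build there; consider wrapping it as `#ifdef __NR_shutdown`, `SC_ALLOW(shutdown),`, `#endif` and checking how those ports reach shutdown. Since each entry widens the pre-auth allowlist, a short comment such as `/* shutdown(2) may be called by packet_close() */` would record why this one is permitted; the same comment fits the `SYS_shutdown` entry in the sandbox-systrace.c hunk. The `preauth_insns[]` initializer starts and ends outside the hunk, so the rest of the filter cannot be checked from here.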