upstream commit

add getpid to sandbox, reachable by grace_alarm_handler reported by Jakub Jelen; bz#2419 Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
author: djm@openbsd.org <djm@openbsd.org> 2015-06-29 22:35:12 +0000
committer: Damien Miller <djm@mindrot.org> 2015-06-30 08:36:34 +1000
commit: 512caddf590857af6aa12218461b5c0441028cf5 (patch)
tree: fd1beaf73f1494a669187f985b7070c704c18384
parent: 78c2a4f883ea9aba866358e2acd9793a7f42ca93 (diff)
2 files changed, 5 insertions, 1 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index ef9d6fa2..2462bcc8 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -141,6 +141,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_exit_group
 	SC_ALLOW(exit_group),
 #endif
+#ifdef __NR_getpgid
+	SC_ALLOW(getpgid),
+#endif
 #ifdef __NR_getpid
 	SC_ALLOW(getpid),
 #endif
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index f8a55289..03b0d40c 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.15 2015/05/18 15:06:05 deraadt Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.16 2015/06/29 22:35:12 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -61,6 +61,7 @@ static const struct sandbox_policy preauth_policy[] = {
 	{ SYS___sysctl, SYSTR_POLICY_PERMIT },
 #endif
 	{ SYS_getpid, SYSTR_POLICY_PERMIT },
+	{ SYS_getpgid, SYSTR_POLICY_PERMIT },
 	{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
 	{ SYS_madvise, SYSTR_POLICY_PERMIT },
 	{ SYS_mmap, SYSTR_POLICY_PERMIT },
author	djm@openbsd.org <djm@openbsd.org>	2015-06-29 22:35:12 +0000
committer	Damien Miller <djm@mindrot.org>	2015-06-30 08:36:34 +1000
commit	512caddf590857af6aa12218461b5c0441028cf5 (patch)
tree	fd1beaf73f1494a669187f985b7070c704c18384
parent	78c2a4f883ea9aba866358e2acd9793a7f42ca93 (diff)