author | Mike Frysinger <vapier@gentoo.org> | 2015-08-26 02:27:27 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-08-26 02:27:27 -0400 |
commit | c39a557a2b53f6fea61117d9b0d90ea51a738d6b (patch) | |
tree | e2e63f4c8e1e9f33bfc74b4c5b9813870a40f18d /security.c | |
parent | security: add a debug handler for seccomp (diff) | |
security: whitelist fakeroot syscalls
Until we get a bit more dynamic here, whitelist the IPC syscalls that
fakeroot uses since it is available via portage FEATURES.
URL: https://bugs.gentoo.org/558482
Diffstat (limited to 'security.c')
-rw-r--r-- | security.c | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -122,6 +122,13 @@ static void pax_seccomp_init(bool allow_forking) /* Syscalls listed because of sandbox. */ SCMP_SYS(readlink), + + /* Syscalls listed because of fakeroot. */ + SCMP_SYS(msgget), + SCMP_SYS(msgrcv), + SCMP_SYS(msgsnd), + SCMP_SYS(semget), + SCMP_SYS(semop), }; int fork_syscalls[] = { SCMP_SYS(clone), |
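Review bot: The five SysV IPC entries (msgget, msgrcv, msgsnd, semget, semop) go into the unconditional base list in pax_seccomp_init(), so every run gets message-queue and semaphore access even when it is not under fakeroot. The commit message calls this temporary ("Until we get a bit more dynamic here"), but the in-code comment "/* Syscalls listed because of fakeroot. */" carries neither that intent nor the bug reference. Please extend the comment with a TODO and the bug URL (https://bugs.gentoo.org/558482) so the entries can be found and narrowed later, for example by moving them into a separate conditional array in the style of fork_syscalls[]. Also worth confirming the behaviour on architectures where these calls are multiplexed through ipc(2) rather than having their own syscall numbers, since the list names only the direct syscalls.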