diff options
author | Mike Frysinger <vapier@gentoo.org> | 2015-08-27 20:29:10 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-08-27 20:29:10 -0400 |
commit | 6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83 (patch) | |
tree | 80943a52f25d1c4b3ce3aa3d42f93f81f9bb1ce1 | |
parent | security: whitelist fakeroot syscalls (diff) | |
download | pax-utils-1.1.1.tar.gz pax-utils-1.1.1.tar.bz2 pax-utils-1.1.1.zip |
security: do not warn when seccomp is disabled in the kernelv1.1.1
If the seccomp feature is disabled in the kernel, we'll get back
EINVAL from the prctl call. There's no simple way to differentiate
between a real EINVAL (bad filter args), so we'll just assume that
libseccomp knows what it is doing.
Reported-by: Piotr Karbowski <piotr.karbowski@gmail.com>
URL: https://bugs.gentoo.org/558414
-rw-r--r-- | security.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -163,8 +163,11 @@ static void pax_seccomp_init(bool allow_forking) #ifndef __SANITIZE_ADDRESS__ /* ASAN does some weird stuff. */ - if (seccomp_load(ctx) < 0) - warnp("seccomp_load failed"); + if (seccomp_load(ctx) < 0) { + /* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */ + if (errno != EINVAL) + warnp("seccomp_load failed"); + } #endif done: |