aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2015-08-27 20:29:10 -0400
committerMike Frysinger <vapier@gentoo.org>2015-08-27 20:29:10 -0400
commit6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83 (patch)
tree80943a52f25d1c4b3ce3aa3d42f93f81f9bb1ce1
parentsecurity: whitelist fakeroot syscalls (diff)
downloadpax-utils-1.1.1.tar.gz
pax-utils-1.1.1.tar.bz2
pax-utils-1.1.1.zip
security: do not warn when seccomp is disabled in the kernelv1.1.1
If the seccomp feature is disabled in the kernel, we'll get back EINVAL from the prctl call. There's no simple way to differentiate between a real EINVAL (bad filter args), so we'll just assume that libseccomp knows what it is doing. Reported-by: Piotr Karbowski <piotr.karbowski@gmail.com> URL: https://bugs.gentoo.org/558414
-rw-r--r--security.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/security.c b/security.c
index 1fa64a0..af264ae 100644
--- a/security.c
+++ b/security.c
@@ -163,8 +163,11 @@ static void pax_seccomp_init(bool allow_forking)
#ifndef __SANITIZE_ADDRESS__
/* ASAN does some weird stuff. */
- if (seccomp_load(ctx) < 0)
- warnp("seccomp_load failed");
+ if (seccomp_load(ctx) < 0) {
+ /* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */
+ if (errno != EINVAL)
+ warnp("seccomp_load failed");
+ }
#endif
done: