authorMike Frysinger <vapier@gentoo.org>2015-08-27 20:29:10 -0400
committerMike Frysinger <vapier@gentoo.org>2015-08-27 20:29:10 -0400
commit6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83 (patch)
tree80943a52f25d1c4b3ce3aa3d42f93f81f9bb1ce1
parentsecurity: whitelist fakeroot syscalls (diff)
security: do not warn when seccomp is disabled in the kernelv1.1.1
If the seccomp feature is disabled in the kernel, we'll get back EINVAL from the prctl call. There's no simple way to differentiate this from a real EINVAL (bad filter args), so we'll just assume that libseccomp knows what it is doing. Reported-by: Piotr Karbowski <piotr.karbowski@gmail.com> URL: https://bugs.gentoo.org/558414
-rw-r--r--security.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/security.c b/security.c
index 1fa64a0..af264ae 100644
--- a/security.c
+++ b/security.c
@@ -163,8 +163,11 @@ static void pax_seccomp_init(bool allow_forking)
#ifndef __SANITIZE_ADDRESS__
/* ASAN does some weird stuff. */
- if (seccomp_load(ctx) < 0)
- warnp("seccomp_load failed");
+ if (seccomp_load(ctx) < 0) {
+ /* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */
+ if (errno != EINVAL)
+ warnp("seccomp_load failed");
+ }
#endif
done:
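Review bot: The new `errno != EINVAL` branch silences every EINVAL from `seccomp_load(ctx)`, so a genuinely malformed filter (the "bad filter args" case the commit message mentions) would leave the tool running unsandboxed with no diagnostic. The suppression could be narrowed by confirming that the kernel really lacks seccomp first: per prctl(2), `prctl(PR_GET_SECCOMP)` fails with EINVAL when CONFIG_SECCOMP is not configured, so the inner test could read `if (errno != EINVAL || prctl(PR_GET_SECCOMP) >= 0)`. With that test a kernel built with CONFIG_SECCOMP but without CONFIG_SECCOMP_FILTER would still warn, and it assumes the `sys/prctl.h` header is included in security.c, which the hunk does not show. The check also relies on errno still holding the failing call's value after `seccomp_load` returns, which deserves a one-line comment next to it. The rest of pax_seccomp_init lies outside the hunk.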