Age | Commit message (Collapse) | Author |
|
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
Commits of previous years:
- 2021: f47dda2c58b5d8d623e0e7ff4e74bc352dfa83d7
- 2020: fa0074e2d82928016a43ca408717154a1c70a4db
- 2019: aaaaad6ac95b402fe18d019d67897ced6b316ee0
|
|
* Revert "util: Add inotify_rm_watch to syscall sandbox (AllowFileSystem)"
This reverts commit f05a4cdf5a0363e1c12f00c034afb60e7ea0c775.
* Revert "util: add linkat to syscall sandbox (AllowFileSystem)"
This reverts commit 9809db3577f0fa618bea42635b1581e628a30395.
|
|
|
|
|
|
|
|
Fixes #24368.
|
|
|
|
Warning: Replacing fs::system_complete calls with fs::absolute calls
in this commit may cause minor changes in behaviour because fs::absolute
no longer strips trailing slashes; however these changes are believed to
be safe.
Co-authored-by: Russell Yanofsky <russ@yanofsky.org>
Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
|
|
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
Commits of previous years:
* 2020: fa0074e2d82928016a43ca408717154a1c70a4db
* 2019: aaaaad6ac95b402fe18d019d67897ced6b316ee0
|
|
|
|
Also, sort entries. Can be reviewed with: --color-moved=dimmed-zebra
|
|
|
|
kernel 4.4.0
ac402e749c91d40ce7066993f72f426b67196bd7 util: Conditionalize some syscalls in syscall name table (W. J. van der Laan)
64085b37f8d5c018372f013e925a725b67b527fc util: Add __NR_copy_file_range syscall constant for sandbox (W. J. van der Laan)
Pull request description:
Make the new syscall sandbox compilable with kernel 4.4.0.
This defines a further syscall constant `__NR_copy_file_range` to make sure all syscalls used in the profile are available even if not defined in the kernel headers.
Also, make a few syscalls optional in the syscall name table:
- `__NR_pkey_alloc`
- `__NR_pkey_free`
- `__NR_pkey_mprotect`
- `__NR_preadv2`
- `__NR_pwritev2`
ACKs for top commit:
practicalswift:
cr ACK ac402e749c91d40ce7066993f72f426b67196bd7
Tree-SHA512: be6c55bf0a686bcdfad0b80b950d0d7d77a559ac234fc997b47514bdba44865a371c96dd8d34a811ba46424a84f410e23f75485b9b1e69e529b7d40e0b4b91b8
|
|
|
|
Put these in `#ifdef` as they are newer syscalls that might not be
defined on all kernels:
__NR_pkey_alloc
__NR_pkey_free
__NR_pkey_mprotect
__NR_preadv2
__NR_pwritev2
Thanks to jamesob for reporting.
|
|
Kernel 4.4.0 doesn't define this.
|
|
2d0279987ef04edda5f61c171768b9527cc936cc util: Make sure syscall numbers used in profile are defined (W. J. van der Laan)
8289d19ea5d9935883f71a32e2f8f82ba7a283fb util: Define SECCOMP_RET_KILL_PROCESS if not provided by the headers (W. J. van der Laan)
Pull request description:
Looks like we've broke the GUIX build in #20487. This attempts to fix it:
- Define `__NR_statx` `__NR_getrandom` `__NR_membarrier` as some kernel headers lack them, and it's important to have the same profile independent on what kernel is used for building.
- Define `SECCOMP_RET_KILL_PROCESS` as it isn't defined in the headers.
ACKs for top commit:
practicalswift:
cr ACK 2d0279987ef04edda5f61c171768b9527cc936cc
Tree-SHA512: c264c66f90af76bf364150e44d0a31876c2ef99f05777fcdd098a23f1e80efef43028f54bf9b3dad016110056d303320ed9741b0cb4c6266175fa9d5589b4277
|
|
Define the following syscall numbers for x86_64, so that the profile
will be the same no matter what kernel is built against, including
kernels that don't have `__NR_statx`:
```c++
#define __NR_statx 332
#define __NR_getrandom 318
#define __NR_membarrier 324
```
|
|
Define `SECCOMP_RET_KILL_PROCESS` as it isn't defined in the headers, as
is the case for the GUIX build on this platform.
|
|
|
|
|
|
|