author: Mike Frysinger <vapier@gentoo.org> 2015-09-19 01:08:46 -0400
committer: Mike Frysinger <vapier@gentoo.org> 2015-09-19 01:08:46 -0400
commit: 1f7a936b5cd7673275540ef73fdeb29fba821a15
tree: 09c85f74189443e2653fc847a13af29bb308530f
parent: security: whitelist dup syscalls
security: whitelist the futex syscall

When building with openmp, often libpthread is linked in and code automatically generated using it. That means lower mutexes end up calling the futex syscall. This isn't just when pax-utils is built with openmp, but it also applies when libraries it links with are built with openmp.

Reported-by: florianmey@gmx.de
URL: https://bugs.gentoo.org/559814
-rw-r--r-- security.c 3
1 files changed, 3 insertions, 0 deletions
diff --git a/security.c b/security.c
index da881e8..af06dcb 100644
--- a/security.c
+++ b/security.c
@@ -123,6 +123,9 @@ static void pax_seccomp_init(bool allow_forking)
SCMP_SYS(_llseek),
SCMP_SYS(mprotect),
+ /* Syscalls listed because of compiler settings. */
+ SCMP_SYS(futex),
+
/* Syscalls listed because of sandbox. */
SCMP_SYS(readlink),
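
Review bot: The comment added above SCMP_SYS(futex), "Syscalls listed because of compiler settings.", does not say which setting is meant, so a later reader auditing the seccomp allow list cannot tell why futex is there or when it could be dropped. Suggest naming the cause given in the commit message, for example "Needed when pax-utils or a library it links with is built with openmp (libpthread mutexes)", and pointing at the bug URL. The entry is also added unconditionally rather than behind a build-time check; that matches the commit message's point that linked libraries can bring in the futex calls, and saying so in the comment would stop someone from later wrapping it in an openmp-only conditional.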