void-packages/srcpkgs/lxd/patches/seccomp.patch

42 lines
1.1 KiB
Diff

lxc/lxd@a181ed4 [PATCH] seccomp: define __NR_mknod if missing
lxc/lxd@c655ed5 [PATCH] seccomp: rework missing syscall number definitions
---
lxd/seccomp.go | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/lxd/seccomp.go b/lxd/seccomp.go
index 0afad7cacc..32397b9729 100644
--- lxd/seccomp.go
+++ lxd/seccomp.go
@@ -109,6 +109,14 @@
return -EPERM;
}
+#ifndef __NR_mknodat
+ #error missing kernel headers
+#else
+ #ifdef __NR_mknod
+ #define LXD_MUST_CHECK_MKNOD
+ #endif
+#endif
+
static int seccomp_notify_mknod_set_response(int fd_mem, struct seccomp_notify_proxy_msg *msg,
char *buf, size_t size,
mode_t *mode, dev_t *dev,
@@ -124,6 +132,7 @@ static int seccomp_notify_mknod_set_response(int fd_mem, struct seccomp_notify_p
resp->val = 0;
switch (req->data.nr) {
+#ifdef LXD_MUST_CHECK_MKNOD
case __NR_mknod:
resp->error = device_allowed(req->data.args[2], req->data.args[1]);
if (resp->error) {
@@ -143,6 +149,7 @@ static int seccomp_notify_mknod_set_response(int fd_mem, struct seccomp_notify_p
*pid = req->pid;
break;
+#endif
case __NR_mknodat:
if (req->data.args[0] != AT_FDCWD) {
errno = EINVAL;