42 lines
1.1 KiB
Diff
42 lines
1.1 KiB
Diff
lxc/lxd@a181ed4 [PATCH] seccomp: define __NR_mknod if missing
|
|
lxc/lxd@c655ed5 [PATCH] seccomp: rework missing syscall number definitions
|
|
---
|
|
lxd/seccomp.go | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/lxd/seccomp.go b/lxd/seccomp.go
|
|
index 0afad7cacc..32397b9729 100644
|
|
--- lxd/seccomp.go
|
|
+++ lxd/seccomp.go
|
|
@@ -109,6 +109,14 @@
|
|
return -EPERM;
|
|
}
|
|
|
|
+#ifndef __NR_mknodat
|
|
+ #error missing kernel headers
|
|
+#else
|
|
+ #ifdef __NR_mknod
|
|
+ #define LXD_MUST_CHECK_MKNOD
|
|
+ #endif
|
|
+#endif
|
|
+
|
|
static int seccomp_notify_mknod_set_response(int fd_mem, struct seccomp_notify_proxy_msg *msg,
|
|
char *buf, size_t size,
|
|
mode_t *mode, dev_t *dev,
|
|
@@ -124,6 +132,7 @@ static int seccomp_notify_mknod_set_response(int fd_mem, struct seccomp_notify_p
|
|
resp->val = 0;
|
|
|
|
switch (req->data.nr) {
|
|
+#ifdef LXD_MUST_CHECK_MKNOD
|
|
case __NR_mknod:
|
|
resp->error = device_allowed(req->data.args[2], req->data.args[1]);
|
|
if (resp->error) {
|
|
@@ -143,6 +149,7 @@ static int seccomp_notify_mknod_set_response(int fd_mem, struct seccomp_notify_p
|
|
*pid = req->pid;
|
|
|
|
break;
|
|
+#endif
|
|
case __NR_mknodat:
|
|
if (req->data.args[0] != AT_FDCWD) {
|
|
errno = EINVAL;
|