git.ipfire.org Git - thirdparty/systemd.git/commit

author	Anita Zhang <the.anitazha@gmail.com>
	Wed, 10 Apr 2019 23:08:41 +0000 (16:08 -0700)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 12 Apr 2019 08:23:07 +0000 (10:23 +0200)
commit	7bc5e0b12b7647ac203eeb81092c08724f9bbed3
tree	03c607ebb1ff27d2fb3899401b3292b26fc01e12	tree \| snapshot
parent	03abeb0baf7fe97c98a98d745b75c7d33e2f632e	commit \| diff

seccomp: check more error codes from seccomp_load()

We noticed in our tests that occasionally SystemCallFilter= would
fail to set and the service would run with no syscall filtering.
Most of the time the same tests would apply the filter and fail
the service as expected. While it's not totally clear why this happens,
we noticed seccomp_load() in the systemd code base would fail open for
all errors except EPERM and EACCES.

ENOMEM, EINVAL, and EFAULT seem like reasonable values to add to the
error set based on what I gather from libseccomp code and man pages:

-ENOMEM: out of memory, failed to allocate space for a libseccomp structure, or would exceed a defined constant
-EINVAL: kernel isn't configured to support the operations, args are invalid (to seccomp_load(), seccomp(), or prctl())
-EFAULT: addresses passed as args are invalid

src/nspawn/nspawn-seccomp.c		diff \| blob \| blame \| history
src/nspawn/nspawn.c		diff \| blob \| blame \| history
src/shared/seccomp-util.c		diff \| blob \| blame \| history
src/shared/seccomp-util.h		diff \| blob \| blame \| history