- (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define

author Damien Miller <djm@mindrot.org>

Thu, 6 Feb 2014 00:17:50 +0000 (11:17 +1100)

committer Damien Miller <djm@mindrot.org>

Thu, 6 Feb 2014 00:17:50 +0000 (11:17 +1100)
author Damien Miller <djm@mindrot.org>
Thu, 6 Feb 2014 00:17:50 +0000 (11:17 +1100)
committer Damien Miller <djm@mindrot.org>
Thu, 6 Feb 2014 00:17:50 +0000 (11:17 +1100)
diff --git a/ChangeLog b/ChangeLog

index 3867fd37e93694cbd3ad7a553b84eeac41c1ed3f..6289bfe280a55defc8159ad48cf5aa9394f18282 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
  20140206
   - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
     before freeing since free(NULL) is a no-op.  ok djm.
+ - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
+   __NR_shutdown; some go via the socketcall(2) multiplexer.
  
  20140205
   - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c

index dbda60bab11283040cc48648f605785dc3a074e6..c0c17c2fc09883811536ae32a02e1bb74c4e7287 100644 (file)
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -98,7 +98,9 @@ static const struct sock_filter preauth_insns[] = {
         SC_ALLOW(read),
         SC_ALLOW(write),
         SC_ALLOW(close),
+#ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
         SC_ALLOW(shutdown),
+#endif
         SC_ALLOW(brk),
         SC_ALLOW(poll),
  #ifdef __NR__newselect
author	Damien Miller <djm@mindrot.org>
	Thu, 6 Feb 2014 00:17:50 +0000 (11:17 +1100)
committer	Damien Miller <djm@mindrot.org>
	Thu, 6 Feb 2014 00:17:50 +0000 (11:17 +1100)
ChangeLog		patch \| blob \| blame \| history
sandbox-seccomp-filter.c		patch \| blob \| blame \| history