From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 28 Mar 2019 11:00:56 +0000 (+0100)
Subject: core: parse '@default' seccomp group permissively
X-Git-Tag: v242-rc1~44^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f6b9110fcdf12751a39dd93f498dbc5b318d4e1;p=thirdparty%2Fsystemd.git

core: parse '@default' seccomp group permissively

We are about to add system calls (rseq()) not available on old
libseccomp/old kernels, and hence we need to be permissive when parsing
our definitions.
---

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 2f62c7acb53..58833dfc7c9 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -2695,7 +2695,9 @@ int config_parse_syscall_filter(
                         c->syscall_whitelist = true;
 
                         /* Accept default syscalls if we are on a whitelist */
-                        r = seccomp_parse_syscall_filter("@default", -1, c->syscall_filter, SECCOMP_PARSE_WHITELIST);
+                        r = seccomp_parse_syscall_filter(
+                                        "@default", -1, c->syscall_filter,
+                                        SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_WHITELIST);
                         if (r < 0)
                                 return r;
                 }