From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 15 Aug 2025 04:21:59 +0000 (+0900)
Subject: hostname-setup: do not trigger assertion when uname() is prohibited by seccomp
X-Git-Tag: v258-rc3~33^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45079ae1e6773530c990954a65499c7b73a943d6;p=thirdparty%2Fsystemd.git

hostname-setup: do not trigger assertion when uname() is prohibited by seccomp

gethostname_full() is used in nss-myhostname, and hence random
application may indirectly call it. When an application with a too strict
seccomp filter loads the nss module, the application may trigger the
assertion.

Partially fixes #38582.
---

diff --git a/src/shared/hostname-setup.c b/src/shared/hostname-setup.c
index 0d21e0482d1..ac13d06fb23 100644
--- a/src/shared/hostname-setup.c
+++ b/src/shared/hostname-setup.c
@@ -316,7 +316,8 @@ int gethostname_full(GetHostnameFlags flags, char **ret) {
 
         assert(ret);
 
-        assert_se(uname(&u) >= 0);
+        if (uname(&u) < 0)
+                return -errno;
 
         s = u.nodename;
         if (isempty(s) || streq(s, "(none)") ||