From: Christian Ehrhardt
Date: Wed, 27 Nov 2019 09:53:50 +0000 (+0100)
Subject: seccomp: use per arch shmat_syscall
X-Git-Tag: v245-rc1~304^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5ef3ed97e3c718be790b1f38928ca66cb68250a8;p=thirdparty%2Fsystemd.git

seccomp: use per arch shmat_syscall

At the beginning of seccomp_memory_deny_write_execute architectures can set individual filter_syscall, block_syscall, shmat_syscall values. The former two are then used in the call to add_seccomp_syscall_filter but shmat_syscall is not.

Right now all shmat_syscall values are the same, so the change is a no-op, but if ever an architecture is added/modified this would be a subtle source for a mistake so fix it by using shmat_syscall later.

Signed-off-by: Christian Ehrhardt
---
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index cf086d22fbd..6d42b2d5734 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -1667,7 +1667,7 @@ int seccomp_memory_deny_write_execute(void) { #endif if (shmat_syscall > 0) { - r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(shmat), + r = add_seccomp_syscall_filter(seccomp, arch, shmat_syscall, 1, SCMP_A2(SCMP_CMP_MASKED_EQ, SHM_EXEC, SHM_EXEC)); if (r < 0)
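
Review bot: the `if (shmat_syscall > 0)` guard around the changed call now decides on its own whether the SHM_EXEC rule is installed, and a non-positive per-arch value skips it silently. With the call driven by `shmat_syscall` instead of the fixed `SCMP_SYS(shmat)`, a future architecture entry that forgets to set the variable would lose the shmat() restriction without any error from `add_seccomp_syscall_filter`. Consider a short comment above the guard stating that a non-positive value means "no shmat filter on this architecture", or a debug log in the skipped case, so the omission is visible. The substitution itself is consistent with how the commit message describes filter_syscall and block_syscall being used.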