From: Lennart Poettering Date: Fri, 21 Oct 2016 19:15:43 +0000 (+0200) Subject: seccomp: two fixes for the syscall set tables X-Git-Tag: v232~39^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=60f547cf684d27e8c0e7ff44663650e90f9e0bcf;p=thirdparty%2Fsystemd.git seccomp: two fixes for the syscall set tables "oldumount()" is not a syscall, but simply a wrapper for it, the actual syscall nr is called "umount" (and the nr of umount() is called umount2 internally). "sysctl()" is not a syscall, but "_syscall()" is. Fix this in the table. Without these changes libseccomp cannot actually translate the tables in full. This wasn't noticed before as the code was written defensively for this case. --- diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 0b9fa47c440..f1e9de05b2f 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -272,7 +272,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { .value = "chroot\0" "mount\0" - "oldumount\0" "pivot_root\0" "umount2\0" "umount\0" @@ -371,7 +370,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "setuid\0" "swapoff\0" "swapon\0" - "sysctl\0" + "_sysctl\0" "vhangup\0" }, [SYSCALL_FILTER_SET_PROCESS] = {
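Review bot: The first hunk (@@ -272,7 +272,6 @@, the set listing "chroot\0", "mount\0", "pivot_root\0") removes a name that never resolved, but nothing here stops the next unresolvable name from entering the tables. The commit message says the problem went unnoticed because the consuming code tolerates names libseccomp cannot translate. Suggest pairing this fix with a test that walks every entry of syscall_filter_sets and fails when a name does not resolve, so a typo in a filter set surfaces at build time instead of silently leaving that syscall out of the filter.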
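Review bot: The commit message does not match the second hunk (@@ -371,7 +370,7 @@): it states that "_syscall()" is the real syscall, while the line added after "swapon\0" is "_sysctl\0". The message should read "_sysctl()" so that anyone searching the history for this table entry finds the correct name. It would also help to state in the message which filter set this entry belongs to, since the hunk context only shows the next set, [SYSCALL_FILTER_SET_PROCESS].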