From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Mon, 13 Nov 2017 08:35:49 +0000 (+0100)
Subject: shared/seccomp: skip pkey_mprotect protections if the syscall is unknown
X-Git-Tag: v236~230^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F7310%2Fhead;p=thirdparty%2Fsystemd.git

shared/seccomp: skip pkey_mprotect protections if the syscall is unknown

When compiling with an old kernel on architectures for which the
number is not defined in missing.h, a warning is generated in missing.h.
Let's just skip the protection in this case, to allow build to proceed.
---

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index f8f757650b7..8b6184a778f 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1440,11 +1440,13 @@ int seccomp_memory_deny_write_execute(void) {
                 if (r < 0)
                         continue;
 
+#ifdef __NR_pkey_mprotect
                 r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect),
                                                1,
                                                SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC));
                 if (r < 0)
                         continue;
+#endif
 
                 if (shmat_syscall != 0) {
                         r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(shmat),