git.ipfire.org Git - thirdparty/systemd.git/commit

shared/seccomp-util: address family filtering is broken on ppc

This reverts the gist of da1921a5c396547261c8c7fcd94173346eb3b718 and
0d9fca76bb69e162265b2d25cb79f1890c0da31b (for ppc).

Quoting #17559:
> libseccomp 2.5 added socket syscall multiplexing on ppc64(el):
> https://github.com/seccomp/libseccomp/pull/229
>
> Like with i386, s390 and s390x this breaks socket argument filtering, so
> RestrictAddressFamilies doesn't work.
>
> This causes the unit test to fail:
> /* test_restrict_address_families */
> Operating on architecture: ppc
> Failed to install socket family rules for architecture ppc, skipping: Operation canceled
> Operating on architecture: ppc64
> Failed to add socket() rule for architecture ppc64, skipping: Invalid argument
> Operating on architecture: ppc64-le
> Failed to add socket() rule for architecture ppc64-le, skipping: Invalid argument
> Assertion 'fd < 0' failed at src/test/test-seccomp.c:424, function test_restrict_address_families(). Aborting.
>
> The socket filters can't be added so `socket(AF_UNIX, SOCK_DGRAM, 0);` still
> works, triggering the assertion.

Fixes #17559.

(cherry picked from commit d5923e38bc0e6cf9d7620ed5f1f8606fe7fe1168)

author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Thu, 26 Nov 2020 10:23:54 +0000 (11:23 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 8 Dec 2020 17:08:31 +0000 (18:08 +0100)
commit	6cea4fcc986a99fe09babb166c39fcbb12fccf88
tree	2986efbd469127c35c1d8c05a20d217d1786adfc	tree \| snapshot
parent	b5d7ba5fd4b61ba4919887cdf4a97c660bd9367b	commit \| diff

src/shared/seccomp-util.c		diff \| blob \| blame \| history
src/test/test-seccomp.c		diff \| blob \| blame \| history