privsep: ASAN now works
authorRoy Marples <roy@marples.name>
Wed, 5 Feb 2025 18:01:34 +0000 (18:01 +0000)
committerRoy Marples <roy@marples.name>
Wed, 5 Feb 2025 18:01:34 +0000 (18:01 +0000)
On Linux at least, Fedora-41 tested.
`./configure --sanitize` sets it all up.

configure
src/privsep-linux.c
src/privsep.c

index 1a772b02b7cf10c7173ddb7c4ca3bc87f3370860..b34227ddabf4a6eaa2e502b8f4471d831ee4eb69 100755 (executable)
--- a/configure
+++ b/configure
@@ -437,6 +437,7 @@ int main(void) {
 EOF
                if $CC -fsanitize=address _test.c -o _test 2>&3; then
                        echo "yes"
+                       echo "CPPFLAGS+=        -DASAN" >>$CONFIG_MK
                        echo "CFLAGS+=  -fsanitize=address" >>$CONFIG_MK
                        echo "CFLAGS+=  -fno-omit-frame-pointer" >>$CONFIG_MK
                        echo "LDFLAGS+= -fsanitize=address" >>$CONFIG_MK
index c4172c835616b29bd026f60930dead7eafb78582..ca810823587e7fcec648bb4cda4c06fca0c90d8b 100644 (file)
@@ -444,10 +444,6 @@ static struct sock_filter ps_seccomp_filter[] = {
 #ifdef __NR_shutdown
        SECCOMP_ALLOW(__NR_shutdown),
 #endif
-#ifdef __NR_sigaltstack
-       /* Allows a clean exit when compiled for address sanitization. */
-       SECCOMP_ALLOW(__NR_sigaltstack),
-#endif
 #ifdef __NR_statx
        SECCOMP_ALLOW(__NR_statx),
 #endif
@@ -470,6 +466,30 @@ static struct sock_filter ps_seccomp_filter[] = {
        SECCOMP_ALLOW(__NR_uname),
 #endif
 
+/* These are for compiling with address sanitization */
+#ifdef ASAN
+#ifdef __NR_futex
+       SECCOMP_ALLOW(__NR_futex),
+#endif
+#ifdef __NR_openat
+       SECCOMP_ALLOW(__NR_openat),
+#endif
+#ifdef __NR_readlink
+       SECCOMP_ALLOW(__NR_readlink),
+#endif
+#ifdef __NR_sigaltstack
+       SECCOMP_ALLOW(__NR_sigaltstack),
+#endif
+
+/* coredumps */
+#ifdef __NR_gettid
+       SECCOMP_ALLOW(__NR_gettid),
+#endif
+#ifdef __NR_tgkill
+       SECCOMP_ALLOW(__NR_tgkill),
+#endif
+#endif
+
        /* Deny everything else */
        BPF_STMT(BPF_RET + BPF_K, SECCOMP_FILTER_FAIL),
 };
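Review bot: The comment that opens the `#ifdef ASAN` block in ps_seccomp_filter says what the entries are for but not what they cost: `__NR_openat` and `__NR_tgkill` are allowed by syscall number alone, and the same commit makes ps_dropprivs in src/privsep.c skip chroot() when ASAN is defined, so a sanitized build appears to lose both layers of filesystem confinement at once. I would state that where the relaxation lives, e.g. `/* Needed by the ASAN runtime. This widens the sandbox (openat, tgkill) and ASAN builds also skip chroot(): debug builds only. */`. Separately, the commit message reports testing on Fedora 41 only; on Linux ports whose headers define no `__NR_readlink` the C library presumably uses readlinkat instead, so an `#ifdef __NR_readlinkat` / `SECCOMP_ALLOW(__NR_readlinkat),` / `#endif` entry may be needed unless the filter already allows it elsewhere. The array starts before this hunk, so the entries above it are not visible here.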
index 98e8f4883b53737b22b4e5f8a85fc9fb676a1732..20b99462c4d4f942844aa001d390da6cb4470364 100644 (file)
@@ -129,10 +129,16 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
           STDOUT_FILENO : STDERR_FILENO;
 
        if (ctx->options & DHCPCD_LAUNCHER)
+#ifdef ASAN
+               logwarnx("not chrooting as compiled for ASAN");
+#else
                logdebugx("chrooting as %s to %s", pw->pw_name, pw->pw_dir);
+
        if (chroot(pw->pw_dir) == -1 &&
            (errno != EPERM || ctx->options & DHCPCD_FORKED))
                logerr("%s: chroot: %s", __func__, pw->pw_dir);
+#endif
+
        if (chdir("/") == -1)
                logerr("%s: chdir: /", __func__);