shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-10 05:18:17 +03:00
Code

seccomp: allowlist uretprobe() syscall

Browse Source 
This is a new syscall provided by the kernel used to implement faster
uprobes. It's not supposed to be called by userspace, but only by kernel
generated uprobe code.

It should be fine to allow this, as the kernel authenticates the
invocation itself, and we shouldn't break compat with things.

Note that this allowlisting is not sufficient to make ureprobe() work.
libseccomp must be tought the syscall too, but this can happen
independently.

Fixes: #34615
(cherry picked from commit d693c483a2)
This commit is contained in:
Lennart Poettering 2024-10-11 09:46:14 +02:00 committed by Luca Boccassi
parent 4d2999eb53
commit 389fbf4649
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/shared/seccomp-util.c
View File

@ -381,6 +381,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
"sigreturn\0"
"time\0"
"ugetrlimit\0"
"uretprobe\0"
},
[SYSCALL_FILTER_SET_AIO] = {
.name = "@aio",