shared/seccomp: skip pkey_mprotect protections if the syscall is unknown

When compiling with an old kernel on architectures for which the number is not defined in missing.h, a warning is generated in missing.h. Let's just skip the protection in this case, to allow build to proceed.
2024-11-01 00:51:24 +03:00 · 2017-11-13 09:35:49 +01:00 · 2017-11-13 09:35:49 +01:00 · 91691f1d3e
commit 91691f1d3e
parent 213f2883c0
1 changed files with 2 additions and 0 deletions
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@ -1440,11 +1440,13 @@ int seccomp_memory_deny_write_execute(void) {
                if (r < 0)
                        continue;

+#ifdef __NR_pkey_mprotect
                r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect),
                                               1,
                                               SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC));
                if (r < 0)
                        continue;
+#endif

                if (shmat_syscall != 0) {
                        r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(shmat),