Merge pull request #7310 from keszybz/missing-pkey_mprotect

basic/missing: add numbers for pkey_mprotect

src/basic/missing_syscall.h

@@ -319,6 +319,8 @@ static inline ssize_t copy_file_range(int fd_in, loff_t *off_in,
 }
 #endif
 
+/* ======================================================================= */
+
 #if !HAVE_BPF
 #  ifndef __NR_bpf
 #    if defined __i386__
@@ -348,3 +350,31 @@ static inline int bpf(int cmd, union bpf_attr *attr, size_t size) {
 }
 
 #endif
+
+/* ======================================================================= */
+
+#ifndef __IGNORE_pkey_mprotect
+#  ifndef __NR_pkey_mprotect
+#    if defined __i386__
+#      define __NR_pkey_mprotect 380
+#    elif defined __x86_64__
+#      define __NR_pkey_mprotect 329
+#    elif defined __arm__
+#      define __NR_pkey_mprotect 394
+#    elif defined __aarch64__
+#      define __NR_pkey_mprotect 394
+#    elif defined _MIPS_SIM
+#      if _MIPS_SIM == _MIPS_SIM_ABI32
+#        define __NR_pkey_mprotect 4363
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_NABI32
+#        define __NR_pkey_mprotect 6327
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_ABI64
+#        define __NR_pkey_mprotect 5323
+#      endif
+#    elif ! defined(__IGNORE_pkey_mprotect)
+#      warning "__NR_pkey_mprotect not defined for your architecture"
+#    endif
+#  endif
+#endif

src/shared/seccomp-util.c

@@ -1440,11 +1440,13 @@ int seccomp_memory_deny_write_execute(void) {
                 if (r < 0)
                         continue;
 
+#ifdef __NR_pkey_mprotect
                 r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect),
                                                1,
                                                SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC));
                 if (r < 0)
                         continue;
+#endif
 
                 if (shmat_syscall != 0) {
                         r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(shmat),