OBS-URL: https://build.opensuse.org/package/show/Base:System/file?expand=0&rev=295
From 7b23bd3f87069fcebc9173c8d1637c2a2e1a12d1 Mon Sep 17 00:00:00 2001
|
|
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
Date: Wed, 6 Aug 2025 23:11:10 +0200
|
|
Subject: [PATCH] Extend seccomp for glibc and physical terminals
|
|
|
|
New glibc implementations might also use TCGETS2 instead of TCGETS.
|
|
This happens on current Arch Linux systems. Allow TCGETS2 in seccomp
|
|
sandbox as well.
|
|
---
|
|
src/seccomp.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/src/seccomp.c b/src/seccomp.c
|
|
index f05c30f9..dddb821c 100644
|
|
--- a/src/seccomp.c
|
|
+++ b/src/seccomp.c
|
|
!@@ -37,6 +37,8 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.31 2025/03/20 14:57:41 christos Exp $")
|
|
! #ifdef __powerpc64__
|
|
! // See: https://sourceware.org/bugzilla/show_bug.cgi?id=32806
|
|
! # include <asm/termbits.h>
|
|
!+#elif defined __linux__
|
|
!+# include <linux/termios.h>
|
|
! #else
|
|
! # include <termios.h>
|
|
! #endif
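Review bot: The new `#elif defined __linux__` branch has no comment saying why the kernel header replaces `<termios.h>` on every Linux target, whereas the powerpc64 branch above it links its bug report. If the intent is to make TCGETS2 and its argument type visible, a line such as `// TCGETS2 needs struct termios2 from the kernel UAPI header` would record that. The kernel and glibc termios headers declare overlapping types, so it is worth confirming that nothing else in seccomp.c pulls in glibc's `<termios.h>` on Linux. The rest of the include list is outside the hunk.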
|
|
@@ -121,6 +123,10 @@ enable_sandbox(void)
|
|
#ifdef TCGETS
|
|
// glibc may call ioctl TCGETS on stdout on physical terminal
|
|
ALLOW_IOCTL_RULE(TCGETS);
|
|
+#endif
|
|
+#ifdef TCGETS2
|
|
+ // glibc may call ioctl TCGETS2 on stdout on physical terminal
|
|
+ ALLOW_IOCTL_RULE(TCGETS2);
|
|
#endif
|
|
ALLOW_RULE(lseek);
|
|
ALLOW_RULE(_llseek);
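Review bot: The comment on the new rule says the ioctl is issued on stdout, but nothing visible in the hunk limits the rule to that descriptor. ALLOW_IOCTL_RULE is defined outside the hunk; if it matches only on the request argument, then `ALLOW_IOCTL_RULE(TCGETS2);` permits TCGETS2 on any open descriptor, as the existing TCGETS rule would. TCGETS2 only reads terminal attributes, so the widening of the sandbox is small, but the comment should state the actual scope, e.g. `// glibc may call ioctl TCGETS2 (read-only) on a terminal such as stdout`. enable_sandbox() begins and ends outside the hunk.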
|
|
--
|
|
2.50.1
|
|
|