commit 15d420b564d00891a9a9a388cfb187aff8a89d3b Author: Cristian Toader cristian.matei.toader@gmail.com Date: Mon Aug 26 20:06:46 2013 +0300
fix: accept4 for 64 bit --- src/common/sandbox.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index e026c7c..79a8930 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -181,8 +181,23 @@ sb_time(scmp_filter_ctx ctx, sandbox_cfg_t *filter) static int sb_accept4(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { - return seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketcall), 1, - SCMP_CMP(0, SCMP_CMP_EQ, 18)); + int rc = 0; + +#ifdef __i386__ + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketcall), 1, + SCMP_CMP(0, SCMP_CMP_EQ, 18)); + if (rc) { + return rc; + } +#endif + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept4), 1, + SCMP_CMP(3, SCMP_CMP_EQ, SOCK_CLOEXEC)); + if (rc) { + return rc; + } + + return 0; }
#ifdef __NR_mmap2