[tor-commits] [tor] 01/04: Sandbox: Permit the clone3 system call

gitolite role git at cupani.torproject.org
Mon Mar 28 13:46:49 UTC 2022


This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

commit de3872656a8d3a79ca3d5fc55f1b64c4862b4c8a
Author: Nick Mathewson <nickm at torproject.org>
AuthorDate: Sun Mar 27 18:34:25 2022 -0400

    Sandbox: Permit the clone3 system call
    
    Apparently glibc-2.34 uses clone3, when previously it just used
    clone.
    
    Closes ticket #40590.
---
 changes/clone3-sandbox    | 3 +++
 src/lib/sandbox/sandbox.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/changes/clone3-sandbox b/changes/clone3-sandbox
new file mode 100644
index 0000000000..dac8fe72da
--- /dev/null
+++ b/changes/clone3-sandbox
@@ -0,0 +1,3 @@
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the clone3 syscall, which is apparently used in glibc-2.34 and
+      later. Closes ticket 40590.
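Review bot: The changelog entry hedges with "apparently" and names the syscall without saying what it replaces, so a reader of the release notes cannot tell why the sandbox needed it. Suggest wording it as a plain statement, for example "Permit the clone3 syscall, which glibc 2.34 and later use where earlier versions used clone. Closes ticket 40590."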
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 8f577b0660..df676fad2f 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -144,6 +144,9 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(clock_gettime),
     SCMP_SYS(close),
     SCMP_SYS(clone),
+#ifdef __NR_clone3
+    SCMP_SYS(clone3),
+#endif
     SCMP_SYS(epoll_create),
     SCMP_SYS(epoll_wait),
 #ifdef __NR_epoll_pwait
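Review bot: SCMP_SYS(clone3) goes into filter_nopar_gen right after SCMP_SYS(clone), so it is allowed with no argument checks, and nothing in the hunk records why. clone3 takes its flags through a pointer to struct clone_args, which a seccomp filter cannot read, so unlike clone it cannot later be narrowed by flag value. A one-line comment above the #ifdef stating this, and naming glibc 2.34 as the reason the entry exists, would help future audits of the allow list. The #ifdef __NR_clone3 guard is also evaluated at build time, so a binary compiled against headers that lack __NR_clone3 gets no rule even if it later runs with glibc 2.34; worth a mention in the same comment.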
