From: netblue30 <netblue30@yahoo.com>
Date: Wed, 27 Jul 2016 08:05:51 -0400
Subject: [PATCH] fixed faudit compile problem for non-intel platforms
Bug: https://github.com/netblue30/firejail/issues/647
Origin: upstream, https://github.com/netblue30/firejail/commit/9d5906c708bc5123377879bc0511ed5d7fe85852
---
src/faudit/seccomp.c | 3 ++-
src/faudit/syscall.c | 4 ++++
2 files changed, 6 insertions(+), 1 deletion(-)
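--- a/src/faudit/seccomp.c
+++ b/src/faudit/seccomp.c
@@ -86,12 +86,13 @@ void seccomp_test(void) {
 printf("pivot_root... "); fflush(0);
 syscall_run("pivot_root");
 
+#if defined(__i386__) || defined(__x86_64__)
 printf("iopl... "); fflush(0);
 syscall_run("iopl");
 
 printf("ioperm... "); fflush(0);
 syscall_run("ioperm");
-
+#endif
 printf("\n");
 }
 else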
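Review bot: On builds where neither `__i386__` nor `__x86_64__` is defined, the added `#if` in `seccomp_test` drops the iopl and ioperm probes without printing anything, so a reader of the audit output cannot tell that the two syscalls were left out rather than tested. An `#else` branch that reports the omission would keep the report honest, for example `#else` followed by `printf("iopl, ioperm not tested on this architecture... "); fflush(0);`. The function starts and ends outside this hunk, so how the trailing `else` uses the result is not visible here.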
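--- a/src/faudit/syscall.c
+++ b/src/faudit/syscall.c
@@ -20,7 +20,9 @@
 #include "faudit.h"
 #include <sys/ptrace.h>
 #include <sys/swap.h>
+#if defined(__i386__) || defined(__x86_64__)
 #include <sys/io.h>
+#endif
 #include <sys/wait.h>
 extern int init_module(void *module_image, unsigned long len,
 const char *param_values);
@@ -69,6 +71,7 @@ void syscall_helper(int argc, char **argv) {
 pivot_root(NULL, NULL);
 printf("\nUGLY: pivot_root syscall permitted.\n");
 }
+#if defined(__i386__) || defined(__x86_64__)
 else if (strcmp(argv[2], "iopl") == 0) {
 iopl(0L);
 printf("\nUGLY: iopl syscall permitted.\n");
@@ -77,6 +80,7 @@ void syscall_helper(int argc, char **argv) {
 ioperm(0, 0, 0);
 printf("\nUGLY: ioperm syscall permitted.\n");
 }
+#endif
 exit(0);
 }
 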
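Review bot: The same architecture test is now written out three times (once in `seccomp.c`, twice in this file), and the guard around the `iopl`/`ioperm` branches opens and closes in the middle of an `else if` chain across two hunks. Defining it once in `faudit.h`, e.g. `#if defined(__i386__) || defined(__x86_64__)` / `#define FAUDIT_HAVE_IOPORT 1` / `#endif` (the macro name is only an example), and testing that macro at each site would keep the `<sys/io.h>` include, the helper branches and the callers from drifting apart. On other architectures a helper invoked with `iopl` or `ioperm` as `argv[2]` now appears to match no branch and reach `exit(0)` without output, which deserves a short comment at the `#endif`. `syscall_helper` begins and ends outside these hunks.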