Codebase list rust-libslirp / 2bea757
sniffglue: allow missing syscalls kpcyrd 3 years ago
5 changed file(s) with 59 addition(s) and 4 deletion(s). Raw diff Collapse all Expand all
+6
-0
src/sniffglue/debian/changelog less more
0 rust-sniffglue (0.11.1-6) UNRELEASED-FIXME-AUTOGENERATED-DEBCARGO; urgency=medium
1
2 * Add missing syscalls to seccomp filter (Closes: #985858)
3
4 -- kpcyrd <git@rxv.cc> Tue, 23 Mar 2021 02:42:26 +0100
5
06 rust-sniffglue (0.11.1-5) unstable; urgency=medium
17
28 * Team upload.
+2
-2
src/sniffglue/debian/copyright less more
88
99 Files: debian/*
1010 Copyright:
11 2018-2020 Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>
12 2018-2020 kpcyrd <git@rxv.cc>
11 2018-2021 Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>
12 2018-2021 kpcyrd <git@rxv.cc>
1313 License: GPL-3.0
1414
1515 License: GPL-3.0
+2
-2
src/sniffglue/debian/copyright.debcargo.hint less more
2020
2121 Files: debian/*
2222 Copyright:
23 2018-2020 Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>
24 2018-2020 kpcyrd <git@rxv.cc>
23 2018-2021 Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>
24 2018-2021 kpcyrd <git@rxv.cc>
2525 License: GPL-3.0
2626
2727 License: GPL-3.0
+48
-0
src/sniffglue/debian/patches/seccomp.patch less more
0 diff --git a/src/sandbox/seccomp.rs b/src/sandbox/seccomp.rs
1 index bfa2e49..0cb5837 100644
2 --- a/src/sandbox/seccomp.rs
3 +++ b/src/sandbox/seccomp.rs
4 @@ -43,6 +44,8 @@ pub fn activate_stage1() -> Result<(), syscallz::Error> {
5 #[cfg(target_arch = "arm")]
6 ctx.allow_syscall(Syscall::send)?;
7 ctx.allow_syscall(Syscall::sendto)?;
8 + #[cfg(target_arch = "arm")]
9 + ctx.allow_syscall(Syscall::recv)?;
10 ctx.allow_syscall(Syscall::recvfrom)?;
11 ctx.allow_syscall(Syscall::sendmsg)?;
12 ctx.allow_syscall(Syscall::recvmsg)?;
13 @@ -99,7 +102,7 @@ pub fn activate_stage1() -> Result<(), syscallz::Error> {
14 ctx.allow_syscall(Syscall::exit_group)?;
15 ctx.allow_syscall(Syscall::set_robust_list)?;
16 ctx.allow_syscall(Syscall::openat)?;
17 - #[cfg(target_arch = "aarch64")]
18 + #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
19 ctx.allow_syscall(Syscall::newfstatat)?;
20 ctx.allow_syscall(Syscall::seccomp)?; // needed for stage2
21 ctx.allow_syscall(Syscall::getrandom)?;
22 @@ -117,6 +120,7 @@ pub fn activate_stage1() -> Result<(), syscallz::Error> {
23 #[cfg(not(target_arch = "aarch64"))]
24 ctx.allow_syscall(Syscall::access)?; // needed for debian /etc/ld.so.nohwcap
25 ctx.allow_syscall(Syscall::faccessat)?; // needed for debian /etc/ld.so.nohwcap
26 + ctx.allow_syscall(Syscall::eventfd2)?;
27
28 ctx.load()?;
29
30 @@ -153,13 +157,15 @@ pub fn activate_stage2() -> Result<(), syscallz::Error> {
31 // ctx.allow_syscall(Syscall::socket)?;
32 // ctx.allow_syscall(Syscall::connect)?;
33 // ctx.allow_syscall(Syscall::sendto)?;
34 + #[cfg(target_arch = "arm")]
35 + ctx.allow_syscall(Syscall::recv)?;
36 // ctx.allow_syscall(Syscall::recvfrom)?;
37 // ctx.allow_syscall(Syscall::sendmsg)?;
38 // ctx.allow_syscall(Syscall::recvmsg)?;
39 // ctx.allow_syscall(Syscall::bind)?;
40 - // ctx.allow_syscall(Syscall::getsockname)?;
41 + ctx.allow_syscall(Syscall::getsockname)?;
42 ctx.allow_syscall(Syscall::setsockopt)?;
43 - // ctx.allow_syscall(Syscall::getsockopt)?;
44 + ctx.allow_syscall(Syscall::getsockopt)?;
45 ctx.allow_syscall(Syscall::clone)?;
46 // ctx.allow_syscall(Syscall::uname)?;
47 // ctx.allow_syscall(Syscall::fcntl)?;
+1
-0
src/sniffglue/debian/patches/series less more
00 relax-deps.patch
11 fix-dep.diff
2 seccomp.patch