diff options
| author |  smitsohu <smitsohu@gmail.com> | 2022-07-19 14:58:32 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2022-07-19 14:58:32 +0200 |
| commit | 214ac208491bbd8369d8c540e3571712d2e6665b (patch) | |
| tree | 777c83b117b0aeddf5c9f559232664a01afa49ea | |
| parent | remmina.profile: allow python3 (#5253) (diff) | |
| download | firejail-214ac208491bbd8369d8c540e3571712d2e6665b.tar.gz firejail-214ac208491bbd8369d8c540e3571712d2e6665b.tar.zst firejail-214ac208491bbd8369d8c540e3571712d2e6665b.zip | |
protocol filter: add x32 ABI handling
| -rw-r--r-- | src/fseccomp/protocol.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c index 25742c173..ea5cd5bd4 100644 --- a/src/fseccomp/protocol.c +++ b/src/fseccomp/protocol.c | |||
| @@ -132,15 +132,18 @@ void protocol_build_filter(const char *prlist, const char *fname) { | |||
| 132 | EXAMINE_SYSCALL, // 1 | 132 | EXAMINE_SYSCALL, // 1 |
| 133 | // checking SYS_socket only: filtering SYS_socketcall not possible with seccomp | 133 | // checking SYS_socket only: filtering SYS_socketcall not possible with seccomp |
| 134 | ONLY(359), // 1 + 2 | 134 | ONLY(359), // 1 + 2 |
| 135 | BPF_JUMP(BPF_JMP+BPF_JA+BPF_K, (3 + 1 + 2), 0, 0), // 1 + 2 + 1 | 135 | BPF_JUMP(BPF_JMP+BPF_JA+BPF_K, (3 + 1 + 3 + 2), 0, 0), // 1 + 2 + 1 |
| 136 | #else | 136 | #else |
| 137 | #warning 32 bit protocol filter not implemented yet for your architecture | 137 | #warning 32 bit protocol filter not implemented yet for your architecture |
| 138 | #endif | 138 | #endif |
| 139 | VALIDATE_ARCHITECTURE, // 3 | 139 | VALIDATE_ARCHITECTURE, // 3 |
| 140 | EXAMINE_SYSCALL, // 3 + 1 | 140 | EXAMINE_SYSCALL, // 3 + 1 |
| 141 | ONLY(SYS_socket), // 3 + 1 + 2 | 141 | #if defined __x86_64__ |
| 142 | HANDLE_X32, // 3 + 1 + 3 | ||
| 143 | #endif | ||
| 144 | ONLY(SYS_socket), // 3 + 1 (+ 3) + 2 | ||
| 142 | 145 | ||
| 143 | EXAMINE_ARGUMENT(0) // 3 + 1 + 2 + 1 | 146 | EXAMINE_ARGUMENT(0) // 3 + 1 (+ 3) + 2 + 1 |
| 144 | }; | 147 | }; |
| 145 | memcpy(ptr, &filter_start[0], sizeof(filter_start)); | 148 | memcpy(ptr, &filter_start[0], sizeof(filter_start)); |
| 146 | ptr += sizeof(filter_start); | 149 | ptr += sizeof(filter_start); |