author | smitsohu <smitsohu@gmail.com> | 2022-07-19 14:58:32 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-07-19 14:58:32 +0200 |
commit | 214ac208491bbd8369d8c540e3571712d2e6665b (patch) | |
tree | 777c83b117b0aeddf5c9f559232664a01afa49ea /src/fseccomp | |
parent | remmina.profile: allow python3 (#5253) (diff) | |
protocol filter: add x32 ABI handling
Diffstat (limited to 'src/fseccomp')
-rw-r--r-- | src/fseccomp/protocol.c | 9 |
1 files changed, 6 insertions, 3 deletions
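--- a/src/fseccomp/protocol.c
+++ b/src/fseccomp/protocol.c
@@ -132,15 +132,18 @@ void protocol_build_filter(const char *prlist, const char *fname) {
 EXAMINE_SYSCALL, // 1
 // checking SYS_socket only: filtering SYS_socketcall not possible with seccomp
 ONLY(359), // 1 + 2
-BPF_JUMP(BPF_JMP+BPF_JA+BPF_K, (3 + 1 + 2), 0, 0), // 1 + 2 + 1
+BPF_JUMP(BPF_JMP+BPF_JA+BPF_K, (3 + 1 + 3 + 2), 0, 0), // 1 + 2 + 1
 #else
 #warning 32 bit protocol filter not implemented yet for your architecture
 #endif
 VALIDATE_ARCHITECTURE, // 3
 EXAMINE_SYSCALL, // 3 + 1
-ONLY(SYS_socket), // 3 + 1 + 2
+#if defined __x86_64__
+HANDLE_X32, // 3 + 1 + 3
+#endif
+ONLY(SYS_socket), // 3 + 1 (+ 3) + 2
 
-EXAMINE_ARGUMENT(0) // 3 + 1 + 2 + 1
+EXAMINE_ARGUMENT(0) // 3 + 1 (+ 3) + 2 + 1
 };
 memcpy(ptr, &filter_start[0], sizeof(filter_start));
 ptr += sizeof(filter_start);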
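Review bot: The jump distance `(3 + 1 + 3 + 2)` in the 32-bit branch adds the three HANDLE_X32 instructions unconditionally, while HANDLE_X32 itself is emitted only under `#if defined __x86_64__`; the two agree only if the `#if` that opens the 32-bit branch, which lies above this hunk, is also x86_64-only. If that condition ever covers another architecture, the jump would land three instructions past EXAMINE_ARGUMENT(0), so the 32-bit socket path would no longer reach the intended argument check in the seccomp program. The trailing `// 1 + 2 + 1` on that line counts the instruction's position rather than its target, so I would add `// skips VALIDATE_ARCHITECTURE (3) + EXAMINE_SYSCALL (1) + HANDLE_X32 (3, x86_64 only) + ONLY (2); must land on EXAMINE_ARGUMENT(0)` above the BPF_JUMP. protocol_build_filter starts and ends outside the hunk, and the instruction count of HANDLE_X32 is taken from the hunk's own comments rather than from its definition.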