diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-08-22 18:54:28 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-08-22 18:54:28 -0400 |
| commit | 0bbc5dc8bd769691d73ded2b3589c1482746926e (patch) | |
| tree | 4c31bfe923cec70a8d4df544d6b5200a3fa067a2 /src | |
| parent | testing (diff) | |
| download | firejail-0bbc5dc8bd769691d73ded2b3589c1482746926e.tar.gz firejail-0bbc5dc8bd769691d73ded2b3589c1482746926e.tar.zst firejail-0bbc5dc8bd769691d73ded2b3589c1482746926e.zip | |
seccomp: fix errno
Diffstat (limited to 'src')
| -rw-r--r-- | src/fseccomp/syscall.c | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index 08ae5953d..8afa3f63d 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c | |||
| @@ -492,10 +492,15 @@ int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall, | |||
| 492 | fprintf(stderr, "Warning fseccomp: syscall \"%s\" not available on this platform\n", ptr); | 492 | fprintf(stderr, "Warning fseccomp: syscall \"%s\" not available on this platform\n", ptr); |
| 493 | } | 493 | } |
| 494 | else if (callback != NULL) { | 494 | else if (callback != NULL) { |
| 495 | if (error_nr != -1) | 495 | if (error_nr != -1 && fd != 0) { |
| 496 | filter_add_errno(fd, syscall_nr, error_nr, ptrarg); | 496 | filter_add_errno(fd, syscall_nr, error_nr, ptrarg); |
| 497 | else | 497 | } |
| 498 | else if (error_nr != -1 && fd == 0) { | ||
| 499 | callback(fd, syscall_nr, error_nr, ptrarg); | ||
| 500 | } | ||
| 501 | else { | ||
| 498 | callback(fd, syscall_nr, arg, ptrarg); | 502 | callback(fd, syscall_nr, arg, ptrarg); |
| 503 | } | ||
| 499 | } | 504 | } |
| 500 | } | 505 | } |
| 501 | ptr = strtok_r(NULL, ",", &saveptr); | 506 | ptr = strtok_r(NULL, ",", &saveptr); |
| @@ -523,20 +528,34 @@ static void syscall_in_list(int fd, int syscall, int arg, void *ptrarg) { | |||
| 523 | sl.syscall = syscall; | 528 | sl.syscall = syscall; |
| 524 | syscall_check_list(ptr->slist, find_syscall, fd, 0, &sl); | 529 | syscall_check_list(ptr->slist, find_syscall, fd, 0, &sl); |
| 525 | // if found in the problem list, add to post-exec list | 530 | // if found in the problem list, add to post-exec list |
| 526 | if (sl.found) | 531 | if (sl.found) { |
| 527 | if (ptr->postlist) { | 532 | if (ptr->postlist) { |
| 528 | if (asprintf(&ptr->postlist, "%s,%s", ptr->postlist, syscall_find_nr(syscall)) == -1) | 533 | if (asprintf(&ptr->postlist, "%s,%s", ptr->postlist, syscall_find_nr(syscall)) == -1) |
| 529 | errExit("asprintf"); | 534 | errExit("asprintf"); |
| 530 | } | 535 | } |
| 531 | else | 536 | else |
| 532 | ptr->postlist = strdup(syscall_find_nr(syscall)); | 537 | ptr->postlist = strdup(syscall_find_nr(syscall)); |
| 533 | else // no problem, add to pre-exec list | 538 | } |
| 539 | else { // no problem, add to pre-exec list | ||
| 540 | // build syscall:error_no | ||
| 541 | char *newcall; | ||
| 542 | if (arg != 0) { | ||
| 543 | if (asprintf(&newcall, "%s:%s", syscall_find_nr(syscall), errno_find_nr(arg)) == -1) | ||
| 544 | errExit("asprintf"); | ||
| 545 | } | ||
| 546 | else { | ||
| 547 | newcall = strdup(syscall_find_nr(syscall)); | ||
| 548 | if (!newcall) | ||
| 549 | errExit("strdup"); | ||
| 550 | } | ||
| 551 | |||
| 534 | if (ptr->prelist) { | 552 | if (ptr->prelist) { |
| 535 | if (asprintf(&ptr->prelist, "%s,%s", ptr->prelist, syscall_find_nr(syscall)) == -1) | 553 | if (asprintf(&ptr->prelist, "%s,%s", ptr->prelist, newcall) == -1) |
| 536 | errExit("asprintf"); | 554 | errExit("asprintf"); |
| 537 | } | 555 | } |
| 538 | else | 556 | else |
| 539 | ptr->prelist = strdup(syscall_find_nr(syscall)); | 557 | ptr->prelist = newcall; |
| 558 | } | ||
| 540 | } | 559 | } |
| 541 | 560 | ||
| 542 | // go through list and find matches for syscalls in list @default-keep | 561 | // go through list and find matches for syscalls in list @default-keep |