diff options
Diffstat (limited to 'src/fseccomp/seccomp.c')
| -rw-r--r-- | src/fseccomp/seccomp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c index 777c38c43..0ecf708ce 100644 --- a/src/fseccomp/seccomp.c +++ b/src/fseccomp/seccomp.c | |||
| @@ -242,6 +242,10 @@ void memory_deny_write_execute(const char *fname) { | |||
| 242 | 242 | ||
| 243 | // same for pkey_mprotect(,,PROT_EXEC), where available | 243 | // same for pkey_mprotect(,,PROT_EXEC), where available |
| 244 | #ifdef SYS_pkey_mprotect | 244 | #ifdef SYS_pkey_mprotect |
| 245 | #ifdef __NR_pkey_mprotect | ||
| 246 | // RasPi 2 (kernel 4.14.37) seems to have SYS_pkey_mprotect #defined as __NR_pkey_mprotect | ||
| 247 | // but no __NR_pkey_mprotect defined? | ||
| 248 | // issue #1948 | ||
| 245 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_pkey_mprotect, 0, 5), | 249 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_pkey_mprotect, 0, 5), |
| 246 | EXAMINE_ARGUMENT(2), | 250 | EXAMINE_ARGUMENT(2), |
| 247 | BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC), | 251 | BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC), |
| @@ -249,6 +253,7 @@ void memory_deny_write_execute(const char *fname) { | |||
| 249 | KILL_PROCESS, | 253 | KILL_PROCESS, |
| 250 | RETURN_ALLOW, | 254 | RETURN_ALLOW, |
| 251 | #endif | 255 | #endif |
| 256 | #endif | ||
| 252 | 257 | ||
| 253 | // shmat is not implemented as a syscall on some platforms (i386, powerpc64, powerpc64le) | 258 | // shmat is not implemented as a syscall on some platforms (i386, powerpc64, powerpc64le) |
| 254 | #ifdef SYS_shmat | 259 | #ifdef SYS_shmat |