From af582c79f9115daa4f0d6570eb33a5512d05492a Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 20 Aug 2016 10:20:32 -0400
Subject: disable x32 ABI
---
src/firejail/seccomp.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
(limited to 'src')
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index 7a015963b..0826822bd 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -101,10 +101,22 @@ static void filter_init(void) {
 sfilter_alloc_size = SECSIZE;
 // copy the start entries
+#if defined(__x86_64__)
+#define X32_SYSCALL_BIT 0x40000000
+ struct sock_filter filter[] = {
+ VALIDATE_ARCHITECTURE,
+ EXAMINE_SYSCALL,
+ // handle X32 ABI
+ BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0),
+ BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0),
+ RETURN_ERRNO(EPERM)
+ };
+#else
 struct sock_filter filter[] = {
 VALIDATE_ARCHITECTURE,
 EXAMINE_SYSCALL
 };
+#endif
 sfilter_index = sizeof(filter) / sizeof(struct sock_filter);
 memcpy(sfilter, filter, sizeof(filter));
 }
-- cgit v1.2.3-70-g09d2
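Review bot: The second added jump, `BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0)`, compares the syscall number against 0, which is always true because classic BPF comparisons are unsigned, so it only acts as an unconditional skip over `RETURN_ERRNO(EPERM)`; in a security filter that is easy to misread as a second check. The same behaviour needs a single jump with the offsets swapped, `BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 0, 1),` followed directly by `RETURN_ERRNO(EPERM)`. The `// handle X32 ABI` comment would also help more if it said why the test exists, e.g. `// x32 syscalls report the same audit arch as native x86_64, so reject any nr with X32_SYSCALL_BIT set`, assuming VALIDATE_ARCHITECTURE (defined outside this hunk) only compares the arch field. The start of filter_init lies outside the hunk.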