diff options
| author | David Goulet <dgoulet@torproject.org> | 2022-03-28 09:45:16 -0400 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2022-03-28 09:45:16 -0400 |
| commit | d682b70e7c62c7cf9236cb4301003a4559aa17d8 (patch) | |
| tree | 883d1b9b15753a3842c5216f4beb05f5ad04454a | |
| parent | 5dcc2322b7ae0b24931e8f75f2b5bc88be350eeb (diff) | |
| parent | d14af825ce9b2dbacdc11aa73340458bfef5b190 (diff) | |
| download | tor-d682b70e7c62c7cf9236cb4301003a4559aa17d8.tar.gz tor-d682b70e7c62c7cf9236cb4301003a4559aa17d8.zip | |
Merge branch 'maint-0.4.6' into release-0.4.6
| -rw-r--r-- | changes/clone3-sandbox | 3 | ||||
| -rw-r--r-- | src/lib/sandbox/sandbox.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/changes/clone3-sandbox b/changes/clone3-sandbox new file mode 100644 index 0000000000..dac8fe72da --- /dev/null +++ b/changes/clone3-sandbox @@ -0,0 +1,3 @@ + o Minor features (linux seccomp2 sandbox): + - Permit the clone3 syscall, which is apparently used in glibc-2.34 and + later. Closes ticket 40590. diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index 02222e5a1c..5f73fd2b46 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -152,6 +152,9 @@ static int filter_nopar_gen[] = { SCMP_SYS(close), SCMP_SYS(clone), SCMP_SYS(dup), +#ifdef __NR_clone3 + SCMP_SYS(clone3), +#endif SCMP_SYS(epoll_create), SCMP_SYS(epoll_wait), #ifdef __NR_epoll_pwait |