Permit kill(pid, 0) in the seccomp2 sandbox.

We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.

2 files changed, 19 insertions, 1 deletions

diff --git a/changes/bug24198 b/changes/bug24198
new file mode 100644
index 0000000000..6790706872
--- /dev/null
+++ b/changes/bug24198
@@ -0,0 +1,4 @@
+  o Minor bugfixes (controller, linux seccomp2 sandbox):
+    - Avoid a crash when attempting to use the seccomp2 sandbox
+      together with the OwningControllerProcess feature.
+      Fixes bug 24198; bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2a..0b862a549c 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+static int
+sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  (void) filter;
+#ifdef __NR_kill
+  /* Allow killing anything with signal 0 -- it isn't really a kill. */
+  return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),
+       SCMP_CMP(1, SCMP_CMP_EQ, 0));
+#else
+  return 0;
+#endif
+}
+
 /**
  * Array of function pointers responsible for filtering different syscalls at
  * a parameter level.
@@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = {
     sb_socket,
     sb_setsockopt,
     sb_getsockopt,
-    sb_socketpair
+    sb_socketpair,
+    sb_kill
 };
 
 const char *