Diffstat (limited to 'src/common/sandbox.c')
-rw-r--r--src/common/sandbox.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 74187e5d63..ebc843e130 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -39,8 +39,6 @@
#if defined(USE_LIBSECCOMP)
-#define _GNU_SOURCE
-
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/types.h>
@@ -186,11 +184,17 @@ static int filter_nopar_gen[] = {
SCMP_SYS(read),
SCMP_SYS(rt_sigreturn),
SCMP_SYS(sched_getaffinity),
+#ifdef __NR_sched_yield
+ SCMP_SYS(sched_yield),
+#endif
SCMP_SYS(sendmsg),
SCMP_SYS(set_robust_list),
#ifdef __NR_setrlimit
SCMP_SYS(setrlimit),
#endif
+#ifdef __NR_sigaltstack
+ SCMP_SYS(sigaltstack),
+#endif
#ifdef __NR_sigreturn
SCMP_SYS(sigreturn),
#endif
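Review bot: The two new entries, `SCMP_SYS(sched_yield)` and `SCMP_SYS(sigaltstack)`, widen the seccomp allow list without any comment recording which code path or library needs them. Judging by its name, `filter_nopar_gen` admits these syscalls with no argument constraints, so every addition is a permanent increase in what a compromised process may call and should be auditable later. I would put a one-line rationale above each guard, for example `/* sched_yield: needed by <caller or library>, seen on <platform> */`, and the same for `sigaltstack`. The `#ifdef __NR_...` guards match the neighbouring entries; the array itself begins and ends outside this hunk.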
@@ -840,7 +844,7 @@ sb_epoll_ctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
}
/**
- * Function responsible for setting up the fcntl64 syscall for
+ * Function responsible for setting up the prctl syscall for
* the seccomp filter sandbox.
*
* NOTE: if multiple filters need to be added, the PR_SECCOMP parameter needs
@@ -861,7 +865,7 @@ sb_prctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
}
/**
- * Function responsible for setting up the fcntl64 syscall for
+ * Function responsible for setting up the mprotect syscall for
* the seccomp filter sandbox.
*
* NOTE: does not NEED to be here.. currently only occurs before filter; will
@@ -1260,7 +1264,7 @@ prot_strings(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
/**
* Auxiliary function used in order to allocate a sandbox_cfg_t element and set
- * it's values according the the parameter list. All elements are initialised
+ * its values according the parameter list. All elements are initialised
* with the 'prot' field set to false, as the pointer is not protected at this
* point.
*/
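Review bot: The corrected comment line still reads `its values according the parameter list`; the duplicated "the" was dropped but the preposition was not restored. It should read `* its values according to the parameter list. All elements are initialised`. The function this comment documents lies outside the hunk.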
@@ -1462,7 +1466,7 @@ static HT_HEAD(getaddrinfo_cache, cached_getaddrinfo_item_t)
HT_PROTOTYPE(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
cached_getaddrinfo_item_hash,
- cached_getaddrinfo_items_eq);
+ cached_getaddrinfo_items_eq)
HT_GENERATE2(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
cached_getaddrinfo_item_hash,
cached_getaddrinfo_items_eq,
@@ -1575,13 +1579,14 @@ sandbox_add_addrinfo(const char *name)
void
sandbox_free_getaddrinfo_cache(void)
{
- cached_getaddrinfo_item_t **next, **item;
+ cached_getaddrinfo_item_t **next, **item, *this;
for (item = HT_START(getaddrinfo_cache, &getaddrinfo_cache);
item;
item = next) {
+ this = *item;
next = HT_NEXT_RMV(getaddrinfo_cache, &getaddrinfo_cache, item);
- cached_getaddrinfo_item_free(*item);
+ cached_getaddrinfo_item_free(this);
}
HT_CLEAR(getaddrinfo_cache, &getaddrinfo_cache);