From 0d64bafcfedd259fb15b3ee85a7b00a840aec73b Mon Sep 17 00:00:00 2001 From: Peter Gerber Date: Mon, 10 Jun 2019 14:56:31 +0200 Subject: Correct how we use libseccomp This fixes a startup crash with libseccomp v2.4.0 if Sandbox is set to 1. --- changes/bug29819 | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 changes/bug29819 (limited to 'changes') diff --git a/changes/bug29819 b/changes/bug29819 new file mode 100644 index 0000000000..d37ac83d66 --- /dev/null +++ b/changes/bug29819 @@ -0,0 +1,8 @@ + o Minor bugfixes (linux seccomp sandbox): + - Correct how we use libseccomp. Particularly, stop assuming that + rules are applied in a particular order or that more rules are + processed after the first match. Neither is the case! In libseccomp + <2.4.0 this lead to some rules having no effect. Libseccomp 2.4.0 + changed how rules are generated leading to a different ordering + which in turn lead to a fatal crash during startup. Fixes bug + 29819; bugfix on 0.2.5.1-alpha. Patch by Peter Gerber. -- cgit v1.2.3-54-g00ecf
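Review bot: In the new changes/bug29819 entry, "lead" is used as a past tense twice ("this lead to some rules having no effect" and "which in turn lead to a fatal crash during startup"); both should read "led". The entry also omits the condition given in the commit message, that the startup crash occurs with libseccomp v2.4.0 only if Sandbox is set to 1. Adding that to the changelog text would let operators tell from the release notes whether they are affected. The capitalisation of "libseccomp" is inconsistent as well ("In libseccomp <2.4.0" but "Libseccomp 2.4.0 changed"); rewording the second sentence so the library name does not start it would keep the name lowercase throughout.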