commit: 6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> AuthorDate: Fri Aug 28 00:29:10 2015 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Fri Aug 28 00:29:10 2015 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6fa4f469
security: do not warn when seccomp is disabled in the kernel If the seccomp feature is disabled in the kernel, we'll get back EINVAL from the prctl call. There's no simple way to differentiate between a real EINVAL (bad filter args), so we'll just assume that libseccomp knows what it is doing. Reported-by: Piotr Karbowski <piotr.karbowski <AT> gmail.com> URL: https://bugs.gentoo.org/558414 security.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/security.c b/security.c index 1fa64a0..af264ae 100644 --- a/security.c +++ b/security.c @@ -163,8 +163,11 @@ static void pax_seccomp_init(bool allow_forking) #ifndef __SANITIZE_ADDRESS__ /* ASAN does some weird stuff. */ - if (seccomp_load(ctx) < 0) - warnp("seccomp_load failed"); + if (seccomp_load(ctx) < 0) { + /* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */ + if (errno != EINVAL) + warnp("seccomp_load failed"); + } #endif done:
