commit:     1f7a936b5cd7673275540ef73fdeb29fba821a15
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 19 05:08:46 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Sep 19 05:08:46 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1f7a936b

security: whitelist the futex syscall

When building with openmp, often libpthread is linked in and code
automatically generated using it.  That means lower mutexes end up
calling the futex syscall.  This isn't just when pax-utils is built
with openmp, but it also applies when libraries it links with are
built with openmp.

Reported-by: florianmey <AT> gmx.de
URL: https://bugs.gentoo.org/559814

 security.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security.c b/security.c
index da881e8..af06dcb 100644
--- a/security.c
+++ b/security.c
@@ -123,6 +123,9 @@ static void pax_seccomp_init(bool allow_forking)
                SCMP_SYS(_llseek),
                SCMP_SYS(mprotect),
 
+               /* Syscalls listed because of compiler settings.  */
+               SCMP_SYS(futex),
+
                /* Syscalls listed because of sandbox.  */
                SCMP_SYS(readlink),
 
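Review bot: The comment added above `SCMP_SYS(futex)`, "Syscalls listed because of compiler settings.", does not say which setting or why, so a later reader auditing the seccomp allow list cannot tell when the entry is safe to drop. Suggest naming the cause from the commit message in the comment itself, for example `/* futex: libpthread mutexes, pulled in when we or a linked library are built with openmp (bug 559814). */`. Note also that the entry is a bare syscall number in the same list as `mprotect`, so every futex operation is permitted and it applies whether or not openmp is actually in use; if that breadth is intended, a word in the comment would help.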
