From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id EEF841385BF for ; Fri, 28 Aug 2015 00:33:55 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4578CE0914; Fri, 28 Aug 2015 00:33:50 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D95CFE0914 for ; Fri, 28 Aug 2015 00:33:49 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id E40D0340B9A for ; Fri, 28 Aug 2015 00:33:47 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 08EF616B for ; Fri, 28 Aug 2015 00:33:46 +0000 (UTC) From: "Mike Frysinger" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" Message-ID: <1440721750.6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83.vapier@gentoo> Subject: [gentoo-commits] proj/pax-utils:master commit in: / X-VCS-Repository: proj/pax-utils X-VCS-Files: security.c X-VCS-Directories: / X-VCS-Committer: vapier X-VCS-Committer-Name: Mike Frysinger X-VCS-Revision: 6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83 X-VCS-Branch: master Date: Fri, 28 Aug 2015 00:33:46 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 0d5307bf-ecb0-4310-90ff-aba138a1e9c6 X-Archives-Hash: fc9c441183bee6fe9e21f805e538a985 commit: 6fa4f469c4b0f44259b1cc8c984bfcaa655a2f83 Author: Mike Frysinger gentoo org> AuthorDate: Fri Aug 28 00:29:10 2015 +0000 Commit: Mike Frysinger gentoo org> CommitDate: Fri Aug 28 00:29:10 2015 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6fa4f469 security: do not warn when seccomp is disabled in the kernel If the seccomp feature is disabled in the kernel, we'll get back EINVAL from the prctl call. There's no simple way to differentiate between a real EINVAL (bad filter args), so we'll just assume that libseccomp knows what it is doing. Reported-by: Piotr Karbowski gmail.com> URL: https://bugs.gentoo.org/558414 security.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/security.c b/security.c index 1fa64a0..af264ae 100644 --- a/security.c +++ b/security.c @@ -163,8 +163,11 @@ static void pax_seccomp_init(bool allow_forking) #ifndef __SANITIZE_ADDRESS__ /* ASAN does some weird stuff. */ - if (seccomp_load(ctx) < 0) - warnp("seccomp_load failed"); + if (seccomp_load(ctx) < 0) { + /* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */ + if (errno != EINVAL) + warnp("seccomp_load failed"); + } #endif done: