seccomp: more comprehensive protection against libseccomp's __NR_xyz … #14032
Merged
…namespace invasion

A follow-up for 59b6572, adding the same conditioning for all cases of our __NR_xyz use.

Fixes: systemd#14031
LGTM.
bionic-ppc64el failed with "FAILED TESTS: TEST-08-ISSUE-2730", but I don't see the actual error. Seems to be some timeout. Let's assume that it's unrelated.
SamBissig pushed a commit to toradex/meta-toradex-torizon that referenced this pull request Jan 7, 2020

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

Signed-off-by: Ming Liu <ming.liu@toradex.com>
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Jan 23, 2020

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
kraj pushed a commit to YoeDistro/poky-old that referenced this pull request Jan 23, 2020

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

(From OE-Core rev: e5c8248aab019ad79c124fac9a6116dbd774a411)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kraj pushed a commit to YoeDistro/poky-old that referenced this pull request Jan 24, 2020

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

(From OE-Core rev: e5c8248aab019ad79c124fac9a6116dbd774a411)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kraj pushed a commit to YoeDistro/poky-old that referenced this pull request Jan 26, 2020

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

(From OE-Core rev: e5c8248aab019ad79c124fac9a6116dbd774a411)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Jan 27, 2020

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
kraj pushed a commit to YoeDistro/poky-old that referenced this pull request Jan 27, 2020

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

(From OE-Core rev: e0e7a6a8b4041d858e6a5f0e7d32f5df38ac53c5)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
jpuhlman pushed a commit to MontaVista-OpenSourceTechnology/poky that referenced this pull request Jan 27, 2020

Source: poky
MR: 00000
Type: Integration
Disposition: Merged from poky
ChangeID: a315a01
Description:

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

(From OE-Core rev: e0e7a6a8b4041d858e6a5f0e7d32f5df38ac53c5)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
thochstein pushed a commit to thochstein/openembedded-core that referenced this pull request Mar 25, 2020

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
jsynacek pushed a commit to redhat-plumbers/systemd-rhel8 that referenced this pull request Jun 4, 2020

Loosely based on systemd/systemd#14032 and systemd/systemd#14268.

Related: #1843871
tunayan pushed a commit to tunayan/poky-mirror that referenced this pull request Aug 2, 2023

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

(From OE-Core rev: e0e7a6a)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
daregit pushed a commit to daregit/yocto-combined that referenced this pull request May 22, 2024

Fix a following compiling issue when seccomp is enabled by PACKAGECONFIG:

| ../test-seccomp.c: In function 'test_protect_sysctl':
| ../test-seccomp.c:307:5: error: "__NR__sysctl" is not defined, evaluates to 0 [-Werror=undef]
|   307 | #if __NR__sysctl > 0
|       |     ^~~~~~~~~~~~

Reference: systemd/systemd#14032

(From OE-Core rev: e0e7a6a8b4041d858e6a5f0e7d32f5df38ac53c5)

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
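
The conditioning this pull request describes, and the -Werror=undef failure quoted in the commits above, illustrated as an added example (not code from systemd or from any of the referenced commits). The __NR_demo_* macros and their values are constructed stand-ins; the negative one models the placeholder libseccomp's headers assign to __NR_xyz when the kernel headers do not define that syscall.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-ins (hypothetical names and values): a number as kernel
 * headers define it, and a negative placeholder of the kind libseccomp
 * defines for a syscall the architecture lacks. */
#define __NR_demo_present 39
#define __NR_demo_pseudo  (-10042)
/* __NR_demo_absent is deliberately left undefined. */

/* Naive guard: #ifdef is also true for the negative placeholder. */
static size_t collect_naive(long *out) {
    size_t n = 0;
#ifdef __NR_demo_present
    out[n++] = __NR_demo_present;
#endif
#ifdef __NR_demo_pseudo
    out[n++] = __NR_demo_pseudo;   /* placeholder leaks into the list */
#endif
    return n;
}

/* Strict guard: defined() avoids the -Wundef diagnostic for a missing macro,
 * and the >= 0 comparison rejects the placeholder. */
static size_t collect_strict(long *out) {
    size_t n = 0;
#if defined(__NR_demo_present) && __NR_demo_present >= 0
    out[n++] = __NR_demo_present;
#endif
#if defined(__NR_demo_pseudo) && __NR_demo_pseudo >= 0
    out[n++] = __NR_demo_pseudo;
#endif
#if defined(__NR_demo_absent) && __NR_demo_absent >= 0
    out[n++] = __NR_demo_absent;
#endif
    return n;
}

/* Count entries that are not usable syscall numbers. */
static size_t count_invalid(const long *v, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) bad += v[i] < 0;
    return bad;
}

int main(void) {
    long a[3], b[3];
    size_t na = collect_naive(a), nb = collect_strict(b);
    printf("naive invalid=%zu strict invalid=%zu\n", count_invalid(a, na), count_invalid(b, nb));
}
```

A bare `#if __NR_demo_absent > 0` without the defined() test is the form that trips -Werror=undef, as in the compiler output quoted above.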