mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00

4581. [port] Linux: Add getpid and getrandom to the list of system

calls named uses for seccomp. [RT #44883]
Mark Andrews 2017-03-16 11:21:18 +11:00
parent 638c7c635d
commit f94f3e2791
5 changed files with 36 additions and 0 deletions


@ -1,3 +1,6 @@
4581. [port] Linux: Add getpid and getrandom to the list of system
calls named uses for seccomp. [RT #44883]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]


@ -50,6 +50,10 @@ int scmp_syscalls[] = {
SCMP_SYS(fstat),
SCMP_SYS(epoll_ctl),
SCMP_SYS(gettimeofday),
SCMP_SYS(getpid),
#ifdef HAVE_GETRANDOM
SCMP_SYS(getrandom),
#endif
SCMP_SYS(unlink),
SCMP_SYS(socket),
SCMP_SYS(sendto),
@ -113,6 +117,10 @@ const char *scmp_syscall_names[] = {
"fstat",
"epoll_ctl",
"gettimeofday",
"getpid",
#ifdef HAVE_GETRANDOM
"getrandom",
#endif
"unlink",
"socket",
"sendto",
@ -182,6 +190,10 @@ int scmp_syscalls[] = {
SCMP_SYS(fstat64),
SCMP_SYS(epoll_ctl),
SCMP_SYS(gettimeofday),
SCMP_SYS(getpid),
#ifdef HAVE_GETRANDOM
SCMP_SYS(getrandom),
#endif
SCMP_SYS(unlink),
#ifndef ISC_PLATFORM_USETHREADS
SCMP_SYS(fcntl64),
@ -218,6 +230,10 @@ const char *scmp_syscall_names[] = {
"fstat64",
"epoll_ctl",
"gettimeofday",
"getpid",
#ifdef HAVE_GETRANDOM
"getrandom",
#endif
"unlink",
#ifndef ISC_PLATFORM_USETHREADS
"fcntl64",
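Review bot: The `getrandom` entries at the four `#ifdef HAVE_GETRANDOM` sites (both `scmp_syscalls[]` tables and both `scmp_syscall_names[]` tables) are keyed to a configure-time check for the libc function, not to whether the syscall can be issued at run time. If named or a linked library makes the call without the libc wrapper, which is not visible in these hunks, a build against an older libc would leave it off the allow-list and the filter's default action would apply to it. A guard on the syscall number, for example `#if defined(HAVE_GETRANDOM) || defined(__NR_getrandom)`, would cover that case, provided the libseccomp headers in use know the call. The number and name tables also appear to be parallel lists, so a comment such as `/* keep order and #ifdefs identical to scmp_syscall_names[] */` above the new entries would help; all four arrays begin and end outside the hunks shown.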


@ -254,6 +254,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Build with GeoIP Country IPv6 support */
#undef HAVE_GEOIP_V6
/* Define to 1 if you have the `getrandom' function. */
#undef HAVE_GETRANDOM
/* Define to use gperftools CPU profiler. */
#undef HAVE_GPERFTOOLS_PROFILER

12
configure vendored

@ -11493,7 +11493,19 @@ yes)
;;
esac
#libseccomp sandboxing
for ac_func in getrandom
do :
ac_fn_c_check_func "$LINENO" "getrandom" "ac_cv_func_getrandom"
if test "x$ac_cv_func_getrandom" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_GETRANDOM 1
_ACEOF
fi
done
# Check whether --enable-seccomp was given.
if test "${enable_seccomp+set}" = set; then :
enableval=$enable_seccomp;


@ -86,7 +86,9 @@ yes)
;;
esac
#libseccomp sandboxing
AC_CHECK_FUNCS(getrandom)
AC_ARG_ENABLE(seccomp,
AS_HELP_STRING([--enable-seccomp],[enable support for libseccomp system call filtering [default=no]]))
case "$enable_seccomp" in