mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

4581. [port] Linux: Add getpid and getrandom to the list of system

Browse Source 
calls named uses for seccomp. [RT #44883]
This commit is contained in:
Mark Andrews
2017-03-16 11:21:18 +11:00
parent 638c7c635d
commit f94f3e2791
5 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
4581. [port] Linux: Add getpid and getrandom to the list of system
calls named uses for seccomp. [RT #44883]
4580. [bug] 4578 introduced a regression when handling CNAME to 4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850] referral below the current domain. [RT #44850]

16
bin/named/include/named/seccomp.h
View File

@@ -50,6 +50,10 @@ int scmp_syscalls[] = {
SCMP_SYS(fstat), SCMP_SYS(fstat),
SCMP_SYS(epoll_ctl), SCMP_SYS(epoll_ctl),
SCMP_SYS(gettimeofday), SCMP_SYS(gettimeofday),
SCMP_SYS(getpid),
#ifdef HAVE_GETRANDOM
SCMP_SYS(getrandom),
#endif
SCMP_SYS(unlink), SCMP_SYS(unlink),
SCMP_SYS(socket), SCMP_SYS(socket),
SCMP_SYS(sendto), SCMP_SYS(sendto),
@@ -113,6 +117,10 @@ const char *scmp_syscall_names[] = {
"fstat", "fstat",
"epoll_ctl", "epoll_ctl",
"gettimeofday", "gettimeofday",
"getpid",
#ifdef HAVE_GETRANDOM
"getrandom",
#endif
"unlink", "unlink",
"socket", "socket",
"sendto", "sendto",
@@ -182,6 +190,10 @@ int scmp_syscalls[] = {
SCMP_SYS(fstat64), SCMP_SYS(fstat64),
SCMP_SYS(epoll_ctl), SCMP_SYS(epoll_ctl),
SCMP_SYS(gettimeofday), SCMP_SYS(gettimeofday),
SCMP_SYS(getpid),
#ifdef HAVE_GETRANDOM
SCMP_SYS(getrandom),
#endif
SCMP_SYS(unlink), SCMP_SYS(unlink),
#ifndef ISC_PLATFORM_USETHREADS #ifndef ISC_PLATFORM_USETHREADS
SCMP_SYS(fcntl64), SCMP_SYS(fcntl64),
@@ -218,6 +230,10 @@ const char *scmp_syscall_names[] = {
"fstat64", "fstat64",
"epoll_ctl", "epoll_ctl",
"gettimeofday", "gettimeofday",
"getpid",
#ifdef HAVE_GETRANDOM
"getrandom",
#endif
"unlink", "unlink",
#ifndef ISC_PLATFORM_USETHREADS #ifndef ISC_PLATFORM_USETHREADS
"fcntl64", "fcntl64",

3
config.h.in
View File

@@ -254,6 +254,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Build with GeoIP Country IPv6 support */ /* Build with GeoIP Country IPv6 support */
#undef HAVE_GEOIP_V6 #undef HAVE_GEOIP_V6
/* Define to 1 if you have the `getrandom' function. */
#undef HAVE_GETRANDOM
/* Define to use gperftools CPU profiler. */ /* Define to use gperftools CPU profiler. */
#undef HAVE_GPERFTOOLS_PROFILER #undef HAVE_GPERFTOOLS_PROFILER

12
configure vendored
View File

@@ -11493,7 +11493,19 @@ yes)
;; ;;
esac esac
#libseccomp sandboxing #libseccomp sandboxing
for ac_func in getrandom
do :
ac_fn_c_check_func "$LINENO" "getrandom" "ac_cv_func_getrandom"
if test "x$ac_cv_func_getrandom" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_GETRANDOM 1
_ACEOF
fi
done
# Check whether --enable-seccomp was given. # Check whether --enable-seccomp was given.
if test "${enable_seccomp+set}" = set; then : if test "${enable_seccomp+set}" = set; then :
enableval=$enable_seccomp; enableval=$enable_seccomp;

2
configure.in
View File

@@ -86,7 +86,9 @@ yes)
;; ;;
esac esac
#libseccomp sandboxing #libseccomp sandboxing
AC_CHECK_FUNCS(getrandom)
AC_ARG_ENABLE(seccomp, AC_ARG_ENABLE(seccomp,
AS_HELP_STRING([--enable-seccomp],[enable support for libseccomp system call filtering [default=no]])) AS_HELP_STRING([--enable-seccomp],[enable support for libseccomp system call filtering [default=no]]))
case "$enable_seccomp" in case "$enable_seccomp" in