seccomp: fix multiplexed system calls
Since libseccomp 2.4.2, more architectures have shmat handled as a multiplexed call. Those will fail to be added due to seccomp_rule_add_exact failing on them, since they'd need to add multiple rules [1].
See the discussion at https://github.com/seccomp/libseccomp/issues/193

After discussions about the options rejected [2][3] the initial thought of a fallback to the non '_exact' version of the seccomp rule adding, the next option is to handle those now affected (i386, s390, s390x) the same way as ppc, which ignores and does not block shmat.

[1]: https://github.com/seccomp/libseccomp/issues/193
[2]: https://github.com/systemd/systemd/pull/14167#issuecomment-559136906
[3]: https://github.com/systemd/systemd/commit/469830d1

(cherry picked from commit bed4668d)