author | Lennart Poettering <lennart@poettering.net> | 2019-11-14 17:51:30 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-15 08:13:36 +0100 |
commit | 4df8fe8415eaf4abd5b93c3447452547c6ea9e5f (patch) | |
tree | 7edaa1cab62dec4422ec9e305b40e60dbebefa41 /src/test/test-seccomp.c | |
parent | PrefixDelegationHint-section: typo (diff) | |
seccomp: more comprehensive protection against libseccomp's __NR_xyz namespace invasion
A follow-up for 59b657296a2fe104f112b91bbf9301724067cc81, adding the
same conditioning for all cases of our __NR_xyz use.
Fixes: #14031
Diffstat (limited to 'src/test/test-seccomp.c')
-rw-r--r-- | src/test/test-seccomp.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 018c20f8be..c6692043fe 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -28,7 +28,8 @@
 #include "tmpfile-util.h"
 #include "virt.h"
-#if SCMP_SYS(socket) < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
+/* __NR_socket may be invalid due to libseccomp */
+#if !defined(__NR_socket) || __NR_socket <= 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
 /* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
 * and we can't restrict it hence via seccomp. */
 # define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
@@ -304,14 +305,14 @@ static void test_protect_sysctl(void) {
 assert_se(pid >= 0);
 if (pid == 0) {
-#if __NR__sysctl > 0
+#if defined __NR__sysctl && __NR__sysctl > 0
 assert_se(syscall(__NR__sysctl, NULL) < 0);
 assert_se(errno == EFAULT);
 #endif
 assert_se(seccomp_protect_sysctl() >= 0);
-#if __NR__sysctl > 0
+#if defined __NR__sysctl && __NR__sysctl > 0
 assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
 assert_se(errno == EPERM);
 #endif
@@ -640,7 +641,7 @@ static void test_load_syscall_filter_set_raw(void) {
 assert_se(poll(NULL, 0, 0) == 0);
 assert_se(s = hashmap_new(NULL));
-#if SCMP_SYS(access) >= 0
+#if defined __NR_access && __NR_access > 0
 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0);
 #else
 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0);
@@ -656,7 +657,7 @@ static void test_load_syscall_filter_set_raw(void) {
 s = hashmap_free(s);
 assert_se(s = hashmap_new(NULL));
-#if SCMP_SYS(access) >= 0
+#if defined __NR_access && __NR_access > 0
 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(EILSEQ)) >= 0);
 #else
 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(EILSEQ)) >= 0);
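Review bot: The new guard in the first hunk treats the value 0 as invalid (`__NR_socket <= 0`), and the `> 0` tests added for `__NR__sysctl`, `__NR_access`, `__NR_poll` and `__NR_open` in the later hunks do the same, although 0 is a legitimate syscall number on some Linux architectures. None of these five syscalls is numbered 0 as far as I know, so nothing breaks today, but the pattern is likely to be copied to other syscalls. If libseccomp's placeholder values are always negative (my understanding, not visible on this page), `__NR_socket < 0` here and `__NR_xyz >= 0` elsewhere state the intent exactly. The added comment would also help more if it said what "invalid" means, e.g. `/* libseccomp may define __NR_socket to a negative placeholder on archs that lack the syscall */`.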
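Review bot: The `#else` branch in the hunk at -640 still uses `__NR_faccessat` without the `defined … && … > 0` test that the same hunk adds for `__NR_access`, so the fallback stays exposed to the placeholder problem this commit is fixing; the hunks at -656, -672 and -689 have the same shape with `__NR_faccessat` and `__NR_ppoll`. If the fallback number were undefined or a placeholder, `UINT32_TO_PTR(__NR_faccessat + 1)` would either fail to compile with an unrelated-looking error or put a meaningless key into the hashmap, and the filter test would then fail far from the cause. Replacing `#else` with `#elif defined __NR_faccessat && __NR_faccessat > 0` and closing the chain with `#else` followed by `#error "neither access() nor faccessat() syscall number available"` turns that into an explicit build-time failure. test_load_syscall_filter_set_raw() begins and ends outside these hunks, so whether the later assertions depend on which syscall was chosen cannot be checked from here.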
@@ -672,7 +673,7 @@ static void test_load_syscall_filter_set_raw(void) {
 s = hashmap_free(s);
 assert_se(s = hashmap_new(NULL));
-#if SCMP_SYS(poll) >= 0
+#if defined __NR_poll && __NR_poll > 0
 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(-1)) >= 0);
 #else
 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(-1)) >= 0);
@@ -689,7 +690,7 @@ static void test_load_syscall_filter_set_raw(void) {
 s = hashmap_free(s);
 assert_se(s = hashmap_new(NULL));
-#if SCMP_SYS(poll) >= 0
+#if defined __NR_poll && __NR_poll > 0
 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_poll + 1), INT_TO_PTR(EILSEQ)) >= 0);
 #else
 assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_ppoll + 1), INT_TO_PTR(EILSEQ)) >= 0);
@@ -767,8 +768,8 @@ static int real_open(const char *path, int flags, mode_t mode) {
 * testing purposes that calls the real syscall, on architectures where SYS_open is defined. On
 * other architectures, let's just fall back to the glibc call. */
-#ifdef SYS_open
- return (int) syscall(SYS_open, path, flags, mode);
+#if defined __NR_open && __NR_open > 0
+ return (int) syscall(__NR_open, path, flags, mode);
 #else
 return open(path, flags, mode);
 #endif |
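Review bot: The comment above the conditional in real_open() is now stale: it still says the raw syscall is used "on architectures where SYS_open is defined", while the new test is `defined __NR_open && __NR_open > 0`. I would reword that clause to `on architectures where __NR_open is defined and valid` and add one sentence on why the value is checked as well as the definition, e.g. `libseccomp may define __NR_open to a placeholder on archs without the syscall`. The comment and the function body both start outside the hunk, so the rest of the wording should be checked against the full text.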