-rw-r--r--src/shared/seccomp-util.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 03d039f778..ab24baaf9e 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -2079,10 +2079,12 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
/* The new openat2() system call can't be filtered sensibly, since it moves the flags parameter into
* an indirect structure. Let's block it entirely for now. That should be a reasonably OK thing to do
* for now, since openat2() is very new and code generally needs fallback logic anyway to be
- * compatible with kernels that are not absolutely recent. */
+ * compatible with kernels that are not absolutely recent. We would normally return EPERM for a
+ * policy check, but this isn't strictly a policy check. Instead, we return ENOSYS to force programs
+ * to call open() or openat() instead. We can properly enforce policy for those functions. */
r = seccomp_rule_add_exact(
seccomp,
- SCMP_ACT_ERRNO(EPERM),
+ SCMP_ACT_ERRNO(ENOSYS),
SCMP_SYS(openat2),
0);
if (r < 0)
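Review bot: The expanded comment above the `seccomp_rule_add_exact()` call explains why ENOSYS is returned, but it does not record the trade-off. A caller that uses openat2() for its `RESOLVE_*` path-resolution restrictions will now see the syscall as unsupported and take its openat() fallback, which has no such restrictions. I would add a sentence such as `* Note that callers relying on openat2()'s RESOLVE_* flags lose them when falling back to openat().` The ENOSYS result is also indistinguishable from a kernel that lacks openat2(), so the filter hides the syscall rather than visibly denying it, which is worth stating for anyone debugging a service under this restriction. seccomp_restrict_sxid() begins and ends outside the hunk, so how the `r < 0` case is handled is not visible here.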