wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-28 01:11:15 +02:00
Code Activity

seccomp: Forge return codes for POSIX ACL syscalls

Browse source 
Commands such as "cp -p" also use fsetxattr() in addition to fchown(),
so we need to make sure these syscalls always return successful as well
in order to avoid nasty "Invalid value" errors.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig 2016-11-16 17:25:00 +01:00
parent 651a18dd24
commit ed64976cec
No known key found for this signature in database
GPG key ID: 1DE8E48E57DB5436
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/libstore/build.cc
View file

@ -1659,6 +1659,10 @@ void setupSeccomp(void) {
FORCE_SUCCESS(fchownat);
FORCE_SUCCESS(lchown);
FORCE_SUCCESS(setxattr);
FORCE_SUCCESS(lsetxattr);
FORCE_SUCCESS(fsetxattr);
if (seccomp_load(ctx) != 0) {
seccomp_release(ctx);
throw SysError("unable to load seccomp BPF program");