| commit | d2d6a1b082fa0eac8b6478889a0c28bf05e48073 | |
| author | Nick Mathewson <nickm@torproject.org> | |
| Thu, 16 Nov 2017 18:53:48 +0000 (16 13:53 -0500) | ||
| committer | Nick Mathewson <nickm@torproject.org> | |
| Thu, 16 Nov 2017 18:56:22 +0000 (16 13:56 -0500) | ||
| tree | 748194180f8f53f96e51eede9395a99ab2da669c | treesnapshot (tar.gz zip) |
| parent | 1b9bb2c847a97a50f519ee12df56b6dcdfe6686c | commitdiff |
Make our seccomp2 sandbox handle Glibc 2.26
There are three changes here:
* We need to allow epoll_pwait.
* We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
* We need to use openat() instead of open().
Note that this fix is not complete, since the openat() change is
turned off. The next commit will make the openat() change happen
when we're running glibc 2.26 or later.
Fix for 24315.
There are three changes here:
* We need to allow epoll_pwait.
* We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
* We need to use openat() instead of open().
Note that this fix is not complete, since the openat() change is
turned off. The next commit will make the openat() change happen
when we're running glibc 2.26 or later.
Fix for 24315.
| src/common/sandbox.c | diffblobblamehistory |