nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-15 06:52:43 +01:00
Code Activity

Add X32 to the seccomp filter

Browse source 
Fixes #1432.

(cherry picked from commit a3dc1e65ab)
This commit is contained in:
Eelco Dolstra 2017-07-04 19:00:51 +02:00
parent b59788fc48
commit 9943f98c35
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/libstore/build.cc
View file

@ -2275,6 +2275,10 @@ void setupSeccomp()
seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0) seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0)
throw SysError("unable to add 32-bit seccomp architecture"); throw SysError("unable to add 32-bit seccomp architecture");
if (settings.thisSystem == "x86_64-linux" &&
seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
throw SysError("unable to add X32 seccomp architecture");
/* Prevent builders from creating setuid/setgid binaries. */ /* Prevent builders from creating setuid/setgid binaries. */
for (int perm : { S_ISUID, S_ISGID }) { for (int perm : { S_ISUID, S_ISGID }) {
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,