project-edgeos/sys-apps/systemd-cryptsetup/files/249-seccomp-util-include-missing_syscall_def.h-to-make-_.patch - cos/overlays/board-overlays - Git at Google

 From 1fd9fae7b74822f5cc32510d117aae0718f36a57 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Mon, 3 Jan 2022 03:47:27 +0900
 Subject: [PATCH] seccomp-util: include missing_syscall_def.h to make __SNR_foo
  mapped to __NR_foo

 Fixes #21969.

 This is a cherry-pick of https://github.com/systemd/systemd/commit/e83156c264d149e8f92f05b4d777317824a430f1
 with conflicts fixed.

 Co-authored-by: DolceTriade <vcelestialragev@gmail.com>
 ---
  src/shared/seccomp-util.c | 9 ++++-----
  1 file changed, 4 insertions(+), 5 deletions(-)

 diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
 index 7e1b4e9e90..6869808e4b 100644
 --- a/src/shared/seccomp-util.c
 +++ b/src/shared/seccomp-util.c
 @@ -3,13 +3,16 @@
  #include <errno.h>
  #include <fcntl.h>
  #include <linux/seccomp.h>
 -#include <seccomp.h>
  #include <stddef.h>
  #include <sys/mman.h>
  #include <sys/prctl.h>
  #include <sys/shm.h>
  #include <sys/stat.h>

 +/* include missing_syscall_def.h earlier to make __SNR_foo mapped to __NR_foo. */
 +#include "missing_syscall_def.h"
 +#include <seccomp.h>
 +
  #include "af-list.h"
  #include "alloc-util.h"
  #include "env-util.h"
 @@ -1751,13 +1754,11 @@ int seccomp_memory_deny_write_execute(void) {
                  if (r < 0)
                          continue;

 -#ifdef __NR_pkey_mprotect
                  r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect),
                                                 1,
                                                 SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC));
                  if (r < 0)
                          continue;
 -#endif

                  if (shmat_syscall > 0) {
                          r = add_seccomp_syscall_filter(seccomp, arch, shmat_syscall,
 @@ -2078,7 +2079,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
          else
                  any = true;

 -#if SCMP_SYS(open) > 0
          r = seccomp_rule_add_exact(
                          seccomp,
                          SCMP_ACT_ERRNO(EPERM),
 @@ -2090,7 +2090,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
                  log_debug_errno(r, "Failed to add filter for open: %m");
          else
                  any = true;
 -#endif

          r = seccomp_rule_add_exact(
                          seccomp,
 --
 2.38.0.rc2.412.g84df46c1b4-goog
	From 1fd9fae7b74822f5cc32510d117aae0718f36a57 Mon Sep 17 00:00:00 2001
	From: Yu Watanabe <watanabe.yu+github@gmail.com>
	Date: Mon, 3 Jan 2022 03:47:27 +0900
	Subject: [PATCH] seccomp-util: include missing_syscall_def.h to make __SNR_foo
	mapped to __NR_foo

	Fixes #21969.

	This is a cherry-pick of https://github.com/systemd/systemd/commit/e83156c264d149e8f92f05b4d777317824a430f1
	with conflicts fixed.

	Co-authored-by: DolceTriade <vcelestialragev@gmail.com>
	---
	src/shared/seccomp-util.c \| 9 ++++-----
	1 file changed, 4 insertions(+), 5 deletions(-)

	diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
	index 7e1b4e9e90..6869808e4b 100644
	--- a/src/shared/seccomp-util.c
	+++ b/src/shared/seccomp-util.c
	@@ -3,13 +3,16 @@
	#include <errno.h>
	#include <fcntl.h>
	#include <linux/seccomp.h>
	-#include <seccomp.h>
	#include <stddef.h>
	#include <sys/mman.h>
	#include <sys/prctl.h>
	#include <sys/shm.h>
	#include <sys/stat.h>

	+/* include missing_syscall_def.h earlier to make __SNR_foo mapped to __NR_foo. */
	+#include "missing_syscall_def.h"
	+#include <seccomp.h>
	+
	#include "af-list.h"
	#include "alloc-util.h"
	#include "env-util.h"
	@@ -1751,13 +1754,11 @@ int seccomp_memory_deny_write_execute(void) {
	if (r < 0)
	continue;

	-#ifdef __NR_pkey_mprotect
	r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect),
	1,
	SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC));
	if (r < 0)
	continue;
	-#endif

	if (shmat_syscall > 0) {
	r = add_seccomp_syscall_filter(seccomp, arch, shmat_syscall,
	@@ -2078,7 +2079,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
	else
	any = true;

	-#if SCMP_SYS(open) > 0
	r = seccomp_rule_add_exact(
	seccomp,
	SCMP_ACT_ERRNO(EPERM),
	@@ -2090,7 +2090,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
	log_debug_errno(r, "Failed to add filter for open: %m");
	else
	any = true;
	-#endif

	r = seccomp_rule_add_exact(
	seccomp,
	--
	2.38.0.rc2.412.g84df46c1b4-goog