More seccomp fixes

A follow-up wrt false SIGSYS and other seccomp issues:

  • Adds some more 32-bit related syscalls (#284 (closed))
  • Makes the concession to allow AF_NETLINK/NETLINK_KOBJECT_UEVENT socket access for udev within gstreamer plugins. It seems the only viable path forward to skip arch-dependent issues with socket() rules, while handling the remaining one (#283 (closed))
  • Allows tgkill() with restrictions, for assert/abort/etc to work without a false SIGSYS positive (#287 (closed))
  • Allows restart_syscall() syscall, in case tracker-extract-3 ends up traced (#288 (closed))
  • Adds some further restrictions to the seccomp sandbox.
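
An added example, not code from this merge request or from the project: a raw seccomp-BPF filter showing argument-restricted `socket()` and `tgkill()` rules of the kind the list above describes, with probes that distinguish an expected SIGABRT from a SIGSYS. Assumptions: the `tgkill()` restriction is "signal must be SIGABRT" (the description does not say which restriction is used), the filter is default-allow to keep it short, the host is little-endian 64-bit Linux, and all function names are hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/netlink.h>
#include <linux/seccomp.h>

#define ARG(n) (offsetof(struct seccomp_data, args) + 8 * (n)) /* low 32 bits of arg n */
#define LOAD(off) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (off))
#define JEQ(k, t, f) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), (t), (f))
#define RET(v) BPF_STMT(BPF_RET | BPF_K, (v))

/* Demo filter: default-allow (a real sandbox is an allowlist and checks
 * seccomp_data.arch first). Only socket() and tgkill() are constrained. */
static int install_filter(void) {
    struct sock_filter f[] = {
        LOAD(offsetof(struct seccomp_data, nr)),
        JEQ(__NR_socket, 2, 0),                          /* jump to socket rules */
        JEQ(__NR_tgkill, 6, 0),                          /* jump to tgkill rule  */
        RET(SECCOMP_RET_ALLOW),
        LOAD(ARG(0)), JEQ(AF_NETLINK, 0, 6),             /* socket: domain       */
        LOAD(ARG(2)), JEQ(NETLINK_KOBJECT_UEVENT, 0, 4), /* socket: protocol     */
        RET(SECCOMP_RET_ALLOW),
        LOAD(ARG(2)), JEQ(SIGABRT, 0, 1),                /* tgkill: sig (assumed) */
        RET(SECCOMP_RET_ALLOW),
        RET(SECCOMP_RET_TRAP),                           /* rule violated: SIGSYS */
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

void probe_abort(void)   { syscall(SYS_tgkill, getpid(), syscall(SYS_gettid), SIGABRT); }
void probe_sigterm(void) { syscall(SYS_tgkill, getpid(), syscall(SYS_gettid), SIGTERM); }
void probe_uevent(void)  { socket(AF_NETLINK, SOCK_RAW, NETLINK_KOBJECT_UEVENT); }
void probe_inet(void)    { socket(AF_INET, SOCK_STREAM, 0); }

/* Runs probe() in a forked child under the filter. Returns the signal that
 * killed the child, 0 on clean exit, -1 if the sandbox could not be set up. */
int run_sandboxed(void (*probe)(void)) {
    int st; pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { if (install_filter()) _exit(99); probe(); _exit(0); }
    if (waitpid(pid, &st, 0) < 0) return -1;
    if (WIFSIGNALED(st)) return WTERMSIG(st);
    return WEXITSTATUS(st) ? -1 : 0;
}
```

On 32-bit x86, `socket()` may be issued through `socketcall()`, whose arguments a seccomp filter cannot inspect, which is one form of the arch-dependent problem with `socket()` rules.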