Commit a9d09d95 authored by Carlos Garnacho's avatar Carlos Garnacho

libtracker-common: Whitelist dup/dup2/dup3

dup2/3 have special requirements, as they can close underlying
fds, they are not allowed on stdin/out/err.
parent 87fa852e
......@@ -129,6 +129,7 @@ tracker_seccomp_init (void)
ALLOW_RULE (fadvise64);
ALLOW_RULE (write);
ALLOW_RULE (writev);
/* Needed by some GStreamer modules doing crazy stuff, less
* scary thanks to the restriction below about sockets being
* local.
......@@ -179,6 +180,14 @@ tracker_seccomp_init (void)
goto out;
/* Special requirements for dup2/dup3, no fiddling with stdin/out/err */
if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 1,
SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
goto out;
if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 1,
SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
goto out;
g_debug ("Loading seccomp rules.");
if (seccomp_load (ctx) >= 0)
