Commit b76f9f57 authored by Carlos Garnacho's avatar Carlos Garnacho

libtracker-common: Be more lenient with dup2/dup3

And allow these to manipulate stdin/out/err. They may close file
descriptors, but they don't grant access to anything the process
wouldn't have already access for, anyway.
parent f0d93fbc
......@@ -143,6 +143,8 @@ tracker_seccomp_init (void)
ALLOW_RULE (write);
ALLOW_RULE (writev);
ALLOW_RULE (dup);
ALLOW_RULE (dup2);
ALLOW_RULE (dup3);
/* Needed by some GStreamer modules doing crazy stuff, less
* scary thanks to the restriction below about sockets being
* local.
......@@ -193,14 +195,6 @@ tracker_seccomp_init (void)
SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0)
goto out;
/* Special requirements for dup2/dup3, no fiddling with stdin/out/err */
if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 1,
SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
goto out;
if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 1,
SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
goto out;
g_debug ("Loading seccomp rules.");
if (seccomp_load (ctx) >= 0)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment