[tracker-miners/wip/carlosg/cue-file-lookups] seccomp: Disallow fchown
- From: Carlos Garnacho <carlosg src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [tracker-miners/wip/carlosg/cue-file-lookups] seccomp: Disallow fchown
- Date: Tue, 4 Oct 2022 15:40:18 +0000 (UTC)
commit cdf284962357abf5521670470e3239e92c4e4a31
Author: Carlos Garnacho <carlosg gnome org>
Date: Tue Oct 4 17:38:28 2022 +0200
seccomp: Disallow fchown
This is needed by SQLite in some circumstances, but these mostly
apply to databases being opened with other users. This is something
that happens on CI, but is not expected to happen in real circumstances.
Anyhow, SQLite does not check for fchown return value, so just error
out softly if that happens.
src/libtracker-miners-common/tracker-seccomp.c | 1 +
1 file changed, 1 insertion(+)
---
diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c
index 2f9cb8176..3102d0997 100644
--- a/src/libtracker-miners-common/tracker-seccomp.c
+++ b/src/libtracker-miners-common/tracker-seccomp.c
@@ -155,6 +155,7 @@ tracker_seccomp_init (void)
ALLOW_RULE (time);
ALLOW_RULE (fsync);
ALLOW_RULE (umask);
+ ERROR_RULE (fchown, EPERM);
/* Processes and threads */
ALLOW_RULE (clone);
ALLOW_RULE (clone3);
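Review bot: The new ERROR_RULE (fchown, EPERM) line has no comment explaining why it sits among the ALLOW_RULE entries, so the rationale exists only in the commit message. A short comment above it would help, for example "/* SQLite may call fchown() and ignores its return value, fail softly */", so a later reader does not turn it into an ALLOW_RULE or delete it. The rule also names only fchown. If this filter is built for 32-bit architectures, where the C library may issue fchown32 instead, check that variant gets the same soft EPERM rather than whatever the filter's default action is; the visible lines do not show either.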