From 813731a1e099a1c74d45dddb362db54cc9cf4071 Mon Sep 17 00:00:00 2001 From: Norman Feske Date: Sun, 9 Jan 2022 17:06:55 +0100 Subject: [PATCH] base-linux: permit rt_sigreturn on 64-bit ARM --- .../seccomp/spec/arm_64/seccomp_bpf_policy.bin | Bin 328 -> 336 bytes tool/seccomp/seccomp_bpf_compiler.h | 3 +++ 2 files changed, 3 insertions(+) diff --git a/repos/base-linux/src/lib/seccomp/spec/arm_64/seccomp_bpf_policy.bin b/repos/base-linux/src/lib/seccomp/spec/arm_64/seccomp_bpf_policy.bin index 74cef5c6a78e368a9fe66a133073da1b679456a3..2c0bd1ded49752b5ab587dbfcfb539ee35ae6332 100644 GIT binary patch delta 142 zcmX@Xbb+Z}fq{X61&Bo%7}U2jFdP8!K|qv2g+T;ND}&^KScyRlOe->ogJ}f@OE4|Z yU=OC{7#zT~EJFa8mSKnm)6xt{U|NbH6--Mqw18;|hBgKUHlV@c4BZoJPXhpL2n@^s delta 135 zcmW;Bxe0(!0E6KlaRl%C0C%v`5nRAVa1I;M+G%VpwR0qW351W3*Sf8x0PMdmG$&kU oo4C|CvNGS_5>FQRGN+XpolNOv!XRTt88OL_Sq7}qXM<{9 diff --git a/tool/seccomp/seccomp_bpf_compiler.h b/tool/seccomp/seccomp_bpf_compiler.h index 389b0e8e79..e0ed9db5f9 100644 --- a/tool/seccomp/seccomp_bpf_compiler.h +++ b/tool/seccomp/seccomp_bpf_compiler.h @@ -205,6 +205,9 @@ class Filter _add_allow_rule(SCMP_SYS(mmap)); _add_allow_rule(SCMP_SYS(cacheflush)); _add_allow_rule(SCMP_SYS(sigreturn)); + + /* returning from signal handlers is safe */ + _add_allow_rule(SCMP_SYS(rt_sigreturn)); } break; default: