Attachment #2217 for bug #2069

Lines 723-728 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) Link Here

(-)a/configure.ac (+4 lines)
723	AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_I386],	723	AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_I386],
724	[Specify the system call convention in use])	724	[Specify the system call convention in use])
725	;;	725	;;
		726	arm-)
		727	AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_ARM],
		728	[Specify the system call convention in use])
		729	;;
726	*)	730	*)
727	have_seccomp_audit_arch=0	731	have_seccomp_audit_arch=0
728	;;	732	;;

Lines 44-49 Link Here

(-)a/sandbox-seccomp-filter.c (-1 / +8 lines)
44	#include <linux/audit.h>	44	#include <linux/audit.h>
45	#include <linux/filter.h>	45	#include <linux/filter.h>
46	#include <linux/seccomp.h>	46	#include <linux/seccomp.h>
		47	#include <elf.h>
47		48
48	#include <asm/unistd.h>	49	#include <asm/unistd.h>
49		50
Lines 90-96 static const struct sock_filter preauth_insns[] = { Link Here
90	SC_DENY(open, EACCES),	91	SC_DENY(open, EACCES),
91	SC_ALLOW(getpid),	92	SC_ALLOW(getpid),
92	SC_ALLOW(gettimeofday),	93	SC_ALLOW(gettimeofday),
		94	#ifdef __NR_time // not defined on EABI ARM
93	SC_ALLOW(time),	95	SC_ALLOW(time),
		96	#endif
94	SC_ALLOW(read),	97	SC_ALLOW(read),
95	SC_ALLOW(write),	98	SC_ALLOW(write),
96	SC_ALLOW(close),	99	SC_ALLOW(close),
Lines 102-108 static const struct sock_filter preauth_insns[] = { Link Here
102	SC_ALLOW(select),	105	SC_ALLOW(select),
103	#endif	106	#endif
104	SC_ALLOW(madvise),	107	SC_ALLOW(madvise),
		108	#ifdef __NR_mmap2 // EABI ARM only has mmap2()
		109	SC_ALLOW(mmap2),
		110	#endif
		111	#ifdef __NR_mmap
105	SC_ALLOW(mmap),	112	SC_ALLOW(mmap),
		113	#endif
106	SC_ALLOW(munmap),	114	SC_ALLOW(munmap),
107	SC_ALLOW(exit_group),	115	SC_ALLOW(exit_group),
108	#ifdef __NR_rt_sigprocmask	116	#ifdef __NR_rt_sigprocmask
109	-

Return to bug 2069