libtracker-common: Whitelist dup/dup2/dup3

dup2/3 have special requirements, as they can close underlying fds, they are not allowed on stdin/out/err.
author: Carlos Garnacho <carlosg@gnome.org> 2016-12-17 15:45:21 +0100
committer: Carlos Garnacho <carlosg@gnome.org> 2017-01-19 11:37:45 +0100
commit: a9d09d9539ae06e66840d96bc4553e883bed2072 (patch)
tree: 4e0802fa436908e992bd00ceae07fe154633fec1
parent: 87fa852eecddeb6cc1d20a6cf5eb61764d9201d3 (diff)
download: tracker-a9d09d9539ae06e66840d96bc4553e883bed2072.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c
index e00fe1494..c46dfa6af 100644
--- a/src/libtracker-common/tracker-seccomp.c
+++ b/src/libtracker-common/tracker-seccomp.c
@@ -129,6 +129,7 @@ tracker_seccomp_init (void)
 	ALLOW_RULE (fadvise64);
 	ALLOW_RULE (write);
 	ALLOW_RULE (writev);
+	ALLOW_RULE (dup);
 	/* Needed by some GStreamer modules doing crazy stuff, less
 	 * scary thanks to the restriction below about sockets being
 	 * local.
@@ -179,6 +180,14 @@ tracker_seccomp_init (void)
 	                      SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0)
 		goto out;
 
+	/* Special requirements for dup2/dup3, no fiddling with stdin/out/err */
+	if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 1,
+	                      SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
+		goto out;
+	if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 1,
+	                      SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
+		goto out;
+
 	g_debug ("Loading seccomp rules.");
 
 	if (seccomp_load (ctx) >= 0)
author	Carlos Garnacho <carlosg@gnome.org>	2016-12-17 15:45:21 +0100
committer	Carlos Garnacho <carlosg@gnome.org>	2017-01-19 11:37:45 +0100
commit	a9d09d9539ae06e66840d96bc4553e883bed2072 (patch)
tree	4e0802fa436908e992bd00ceae07fe154633fec1
parent	87fa852eecddeb6cc1d20a6cf5eb61764d9201d3 (diff)
download	tracker-a9d09d9539ae06e66840d96bc4553e883bed2072.tar.gz