/*
* Test issues with libseccomp 2.4.1 -> 2.4.2
* Derived from systemd testcase test_memory_deny_write_execute_shmat
* which fails to install shmat rules with 2.4.2 on i386 and s390x
*/
int main()
{
int shmat_syscall = -1;
int rc = -1;
scmp_filter_ctx ctx;
ctx = seccomp_init(SCMP_ACT_ALLOW);
if (ctx == NULL)
return -1;
I've simplified the test to a small case; running it, I can reproduce the error.
This should be enough to take to upstream.
cat > test-seccomp-shmat.c << EOF
#include <linux/seccomp.h>
#include <errno.h>
#include <seccomp.h>
#include <stdio.h>
#include <sys/shm.h>
/*
* Test issues with libseccomp 2.4.1 -> 2.4.2
* Derived from systemd testcase test_memory_deny_write_execute_shmat
* which fails to install shmat rules with 2.4.2 on i386 and s390x
*/
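/*
 * Reproducer: build a seccomp filter and try to add the rule
 * "shmat() with SHM_EXEC set in its flags fails with EPERM".
 *
 * Only rule insertion is exercised; the filter is never loaded into the
 * kernel (there is no seccomp_load() call), so the process itself stays
 * unrestricted.
 *
 * Prints the syscall number libseccomp resolves for shmat and the return
 * code of the rule insertion. libseccomp reports failures as negative errno
 * values, so -22 is -EINVAL.
 *
 * Returns 0 when the rule was accepted, -1 when no filter context could be
 * created, and 1 when the rule was rejected.
 */
int main(void)
{
    int shmat_syscall = -1;
    int rc = -1;
    scmp_filter_ctx ctx;

    /* Default action ALLOW: only the rule added below would restrict anything. */
    ctx = seccomp_init(SCMP_ACT_ALLOW);
    if (ctx == NULL)
        return -1;

    shmat_syscall = SCMP_SYS(shmat);
    printf("SCMP_SYS(shmat) = %d\n", shmat_syscall);

    /*
     * Argument 2 of shmat() is shmflg; the masked-equality comparison matches
     * whenever the SHM_EXEC bit is set. The _exact variant adds the rule as
     * specified or fails, rather than adapting it to the architecture.
     *
     * A caller that ignores a negative return here ends up with a filter that
     * does not contain the SHM_EXEC restriction, so the result must be checked.
     */
    rc = seccomp_rule_add_exact(ctx, SCMP_ACT_ERRNO(EPERM), shmat_syscall, 1,
                                SCMP_A2(SCMP_CMP_MASKED_EQ, SHM_EXEC, SHM_EXEC));
    printf("Rule installed RC = %d\n", rc);

    /* Free the filter context on the way out. */
    seccomp_release(ctx);

    /* Make the exit status reflect the result so the test is scriptable. */
    return rc < 0 ? 1 : 0;
}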
EOF
$ gcc -Wall test-seccomp-shmat.c -o test-seccomp-shmat -lseccomp
i386:
2.4.1:
./test-seccomp-shmat
SCMP_SYS(shmat) = 397
Rule installed RC = 0
2.4.2
./test-seccomp-shmat
SCMP_SYS(shmat) = 397
Rule installed RC = -22
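s390x looks identical to the i386 output.
(RC -22 is -EINVAL: libseccomp rejected the rule, so a filter built this way does not contain the shmat/SHM_EXEC restriction.)
Note: rebuilding on the new libseccomp2 does not change this behavior.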