arch: add newly connected x86 32bit direct socket calls #22
In Linux 4.3, x86 connected up the direct socket calls to enable seccomp filtering:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9dea5dc921
Add these to the 32 bit x86 syscalls table to match. Otherwise seccomp filters socket() and friends fail with EFAULT. (Thanks to @awhitcroft for the patch!).
I noticed that because merely rebuilding systemd against the Linux 4.3 kernel headers broke nspawn on i386. The linked Launchpad bug has the details and a simple standalone reproducer.
Note that this represents a dependency barrier -- the old code works with Linux <= 4.2, this code works with Linux >= 4.3, but if you mix old/new libseccomp and linux it will break in this manner.
Out of interest, why does libseccomp hardcode all the syscall numbers instead of using the __NR_syscallname macros of the kernel headers? That'd be much more robust against typos, errors like this, and it would enable checks like #ifdef __NR_socket?
Thanks!
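The `#ifdef __NR_socket` check mentioned in the description, carried into a small Linux diagnostic (an added example, not code from this pull request or from libseccomp): it reports which socket() entry points the build headers define and whether the running kernel accepts the direct call. `barrier_side()` and the enum names are hypothetical, introduced only for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

enum { HDR_SOCKETCALL = 1, HDR_DIRECT = 2 };
enum { SIDE_OLD, SIDE_NEW, SIDE_MIXED, SIDE_UNKNOWN };

/* Which socket() entry points do the build-time kernel headers define? */
int header_socket_paths(void) {
    int mask = 0;
#ifdef __NR_socketcall
    mask |= HDR_SOCKETCALL; /* multiplexed socketcall(2), e.g. 32-bit x86 */
#endif
#ifdef __NR_socket
    mask |= HDR_DIRECT;     /* direct socket(2); on 32-bit x86 only with >= 4.3 headers */
#endif
    return mask;
}

/* 1 = running kernel accepts a direct socket(2), 0 = ENOSYS, -1 = cannot tell. */
int kernel_direct_socket(void) {
#ifdef __NR_socket
    long fd = syscall(__NR_socket, AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0) { close((int)fd); return 1; }
    return errno == ENOSYS ? 0 : -1;
#else
    return -1; /* headers give us no number to probe with */
#endif
}

/* Hypothetical helper: place headers and kernel relative to the 4.3 barrier. */
int barrier_side(int hdr, int kernel_direct) {
    if (!(hdr & HDR_DIRECT)) return SIDE_OLD;  /* headers predate direct calls */
    if (kernel_direct == 1)  return SIDE_NEW;  /* headers and kernel both direct */
    if (kernel_direct == 0)  return SIDE_MIXED; /* new headers, older kernel */
    return SIDE_UNKNOWN;                        /* probe failed for another reason */
}

int main(void) {
    static const char *names[] = { "old", "new", "mixed", "unknown" };
    int hdr = header_socket_paths(), k = kernel_direct_socket();
    printf("headers: socketcall=%d direct=%d; kernel direct socket()=%d; side=%s\n",
           !!(hdr & HDR_SOCKETCALL), !!(hdr & HDR_DIRECT), k, names[barrier_side(hdr, k)]);
    return 0;
}
```

On architectures that never had socketcall(2), such as x86_64, only the direct path is reported and the barrier does not apply.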