Skip to content

Commit 06b4702

Browse files
bchaliosbchalios
committed
Fix seccomp futex filters
Rust mpsc channels make use of the futex system call. They used to make use of the FUTEX_WAIT_PRIVATE flag, but now they substituted it with FUTEX_WAIT_BITSET_PRIVATE which was breaking our seccomp filter list. Update the filters. Signed-off-by: Babis Chalios <[email protected]>
1 parent f2318d2 commit 06b4702

File tree

2 files changed

+78
-0
lines changed

2 files changed

+78
-0
lines changed

resources/seccomp/aarch64-unknown-linux-musl.json

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -170,6 +170,19 @@
170170
}
171171
]
172172
},
173+
{
174+
"syscall": "futex",
175+
"comment": "Used for synchronization",
176+
"args": [
177+
{
178+
"index": 1,
179+
"type": "dword",
180+
"op": "eq",
181+
"val": 137,
182+
"comment": "FUTEX_WAIT_BITSET_PRIVATE"
183+
}
184+
]
185+
},
173186
{
174187
"syscall": "futex",
175188
"comment": "Used for synchronization",
@@ -544,6 +557,19 @@
544557
}
545558
]
546559
},
560+
{
561+
"syscall": "futex",
562+
"comment": "Used for synchronization",
563+
"args": [
564+
{
565+
"index": 1,
566+
"type": "dword",
567+
"op": "eq",
568+
"val": 137,
569+
"comment": "FUTEX_WAIT_BITSET_PRIVATE"
570+
}
571+
]
572+
},
547573
{
548574
"syscall": "futex",
549575
"comment": "Used for synchronization",
@@ -753,6 +779,19 @@
753779
}
754780
]
755781
},
782+
{
783+
"syscall": "futex",
784+
"comment": "Used for synchronization",
785+
"args": [
786+
{
787+
"index": 1,
788+
"type": "dword",
789+
"op": "eq",
790+
"val": 137,
791+
"comment": "FUTEX_WAIT_BITSET_PRIVATE"
792+
}
793+
]
794+
},
756795
{
757796
"syscall": "futex",
758797
"comment": "Used for synchronization",

resources/seccomp/x86_64-unknown-linux-musl.json

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -170,6 +170,19 @@
170170
}
171171
]
172172
},
173+
{
174+
"syscall": "futex",
175+
"comment": "Used for synchronization",
176+
"args": [
177+
{
178+
"index": 1,
179+
"type": "dword",
180+
"op": "eq",
181+
"val": 137,
182+
"comment": "FUTEX_WAIT_BITSET_PRIVATE"
183+
}
184+
]
185+
},
173186
{
174187
"syscall": "futex",
175188
"comment": "Used for synchronization",
@@ -556,6 +569,19 @@
556569
}
557570
]
558571
},
572+
{
573+
"syscall": "futex",
574+
"comment": "Used for synchronization",
575+
"args": [
576+
{
577+
"index": 1,
578+
"type": "dword",
579+
"op": "eq",
580+
"val": 137,
581+
"comment": "FUTEX_WAIT_BITSET_PRIVATE"
582+
}
583+
]
584+
},
559585
{
560586
"syscall": "futex",
561587
"comment": "Used for synchronization",
@@ -765,6 +791,19 @@
765791
}
766792
]
767793
},
794+
{
795+
"syscall": "futex",
796+
"comment": "Used for synchronization",
797+
"args": [
798+
{
799+
"index": 1,
800+
"type": "dword",
801+
"op": "eq",
802+
"val": 137,
803+
"comment": "FUTEX_WAIT_BITSET_PRIVATE"
804+
}
805+
]
806+
},
768807
{
769808
"syscall": "futex",
770809
"comment": "Used for synchronization",

0 commit comments

Comments
 (0)