diff --git a/backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch b/backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch
new file mode 100644
index 0000000000000000000000000000000000000000..051de09c122cc0dce91380a15cded2482d21bb64
--- /dev/null
+++ b/backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch
@@ -0,0 +1,71 @@
+From ddf73c98fcf094201dc813b33765e4eed74e25c5 Mon Sep 17 00:00:00 2001
+From: zhaoxiaohu
+Date: Wed, 31 Jul 2024 10:24:26 +0800
+Subject: [PATCH] seccomp-util: include missing_syscall_def.h to make __SNR_foo
+ mapped to __NR_foo
+
+Fixes #21969.
+
+Reference: https://github.com/systemd/systemd/pull/21970/commits/e83156c264d149e8f92f05b4d777317824a430f1
+
+Signed-off-by: zhaoxiaohu
+Signed-off-by: yuwang
+---
+ src/shared/seccomp-util.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index ccfa4cc..9e0d415 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -3,13 +3,16 @@
+ #include
+ #include
+ #include
+-#include
+ #include
+ #include
+ #include
+ #include
+ #include
+
++/* include missing_syscall_def.h earlier to make __SNR_foo mapped to __NR_foo. */
++#include "missing_syscall_def.h"
++#include
++
+ #include "af-list.h"
+ #include "alloc-util.h"
+ #include "env-util.h"
+@@ -1736,13 +1739,11 @@ int seccomp_memory_deny_write_execute(void) {
+ if (r < 0)
+ continue;
+
+-#ifdef __NR_pkey_mprotect
+ r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect),
+ 1,
+ SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC));
+ if (r < 0)
+ continue;
+-#endif
+
+ if (shmat_syscall > 0) {
+ r = add_seccomp_syscall_filter(seccomp, arch, shmat_syscall,
+@@ -2063,7 +2064,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+ else
+ any = true;
+
+-#if SCMP_SYS(open) > 0
+ r = seccomp_rule_add_exact(
+ seccomp,
+ SCMP_ACT_ERRNO(EPERM),
+@@ -2075,7 +2075,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+ log_debug_errno(r, "Failed to add filter for open: %m");
+ else
+ any = true;
+-#endif
+
+ r = seccomp_rule_add_exact(
+ seccomp,
+--
+2.33.0
+
diff --git a/systemd.spec b/systemd.spec
index aaff457a01b52435eabfd56dfea9e35589218e40..dc80dfeb2a8daa2d84581ded014c1541588780fe 100644
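Review bot: The two guard removals in the embedded patch (`#ifdef __NR_pkey_mprotect` in `seccomp_memory_deny_write_execute()` and `#if SCMP_SYS(open) > 0` in `seccomp_restrict_sxid()`) are only safe while `missing_syscall_def.h` stays ahead of the system include that was moved below it (its name is stripped on this page, presumably `<seccomp.h>`), and the added comment does not say that the order is load-bearing. I would reword it along the lines of `/* Keep missing_syscall_def.h before <seccomp.h>: __SNR_foo maps to __NR_foo only if __NR_foo is already defined at that point. Do not re-sort. */` so that an include clean-up does not quietly turn `SCMP_SYS(pkey_mprotect)` back into a pseudo number. Because the `pkey_mprotect` rule is followed by `if (r < 0) continue;`, a failure to add it now skips the rest of that iteration rather than just omitting one rule, so it is worth confirming against the target libseccomp that the call succeeds for every architecture being filtered; the `open` rule, by contrast, only logs at debug level on failure. Both functions begin and end outside the hunks shown.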
--- a/systemd.spec +++ b/systemd.spec @@ -21,7 +21,7 @@ Name: systemd Url: https://systemd.io/ Version: 249 -Release: 81 +Release: 82 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -644,6 +644,7 @@ Patch6595: backport-login-user-runtime-dir-properly-check-for-mount-poin.pa Patch6596: backport-user-util-validate-the-right-field.patch Patch6597: backport-Update-hwdb.patch Patch6598: backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-so.patch +Patch6599: backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch Patch9001: update-rtc-with-system-clock-when-shutdown.patch Patch9002: udev-add-actions-while-rename-netif-failed.patch @@ -2130,6 +2131,9 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null && %{_libdir}/security/pam_systemd.so %changelog +* Wed Jul 31 2024 zhaoxiaohu - 249-82 +- add backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch + * Thu Jul 18 2024 gengqihu - 249-81 - add backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-so.patch