summaryrefslogtreecommitdiff
path: root/net-misc/lldpd/files
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2022-01-16 20:27:28 +0000
committerV3n3RiX <venerix@koprulu.sector>2022-01-16 20:27:28 +0000
commit2fd57282f0262ca084e05b0f2c63fbada395d02b (patch)
tree4e0f23cea9ce9fd972e70ebc5214bf36fed465cc /net-misc/lldpd/files
parentc3bc61051d7f12b4c682efa7a5460bbc8815649e (diff)
gentoo resync : 16.01.2021
Diffstat (limited to 'net-misc/lldpd/files')
-rw-r--r--net-misc/lldpd/files/lldpd-1.0.13-r2-glibc-2.33.patch50
1 files changed, 50 insertions, 0 deletions
diff --git a/net-misc/lldpd/files/lldpd-1.0.13-r2-glibc-2.33.patch b/net-misc/lldpd/files/lldpd-1.0.13-r2-glibc-2.33.patch
new file mode 100644
index 000000000000..62f8cdc2e62b
--- /dev/null
+++ b/net-misc/lldpd/files/lldpd-1.0.13-r2-glibc-2.33.patch
@@ -0,0 +1,50 @@
+https://github.com/lldpd/lldpd/commit/0ea4b1a5e0e9c35d960145d25166e92a9990227f
+https://github.com/lldpd/lldpd/commit/1def824404cfcab9f64b687da1cb7a4b4b51bbe0
+
+From: Antonio Quartulli <a@unstable.cc>
+Date: Sun, 9 Jan 2022 15:24:55 +0100
+Subject: [PATCH] linux: add access syscall to seccomp rules
+
+Signed-off-by: Antonio Quartulli <a@unstable.cc>
+--- a/src/daemon/priv-seccomp.c
++++ b/src/daemon/priv-seccomp.c
+@@ -178,6 +178,7 @@ priv_seccomp_init(int remote, int child)
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(gettimeofday), 0)) < 0 ||
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(newfstatat), 0)) < 0 ||
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(pread64), 0)) < 0 ||
++ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(access), 0)) < 0 ||
+ /* The following are for resolving addresses */
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0)) < 0 ||
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0)) < 0 ||
+
+From: David Sastre Medina <d.sastre.medina@gmail.com>
+Date: Tue, 11 Jan 2022 14:55:05 +0100
+Subject: [PATCH] daemon: add additional syscalls to SECCOMP filter when
+ running in the foreground
+
+Running lldpd in the foreground as follows:
+
+strace -c /usr/sbin/lldpd -d -cfse -D -C lldpd-peer -I lldpd-peer \
+ -S lldpd-system-name -m 192.168.50.6
+
+Requires additional syscalls to be filtered (non relevant syscalls removed):
+
+% time seconds usecs/call calls errors syscall
+------ ----------- ----------- --------- --------- ----------------
+ 0.47 0.000026 6 4 ppoll
+ 0.33 0.000018 3 5 rt_sigprocmask
+ 0.27 0.000015 3 4 getsockopt
+------ ----------- ----------- --------- --------- ----------------
+100.00 0.005520 8 637 22 total
+--- a/src/daemon/priv-seccomp.c
++++ b/src/daemon/priv-seccomp.c
+@@ -179,6 +179,9 @@ priv_seccomp_init(int remote, int child)
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(newfstatat), 0)) < 0 ||
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(pread64), 0)) < 0 ||
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(access), 0)) < 0 ||
++ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 0)) < 0 ||
++ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt), 0)) < 0 ||
++ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ppoll), 0)) < 0 ||
+ /* The following are for resolving addresses */
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0)) < 0 ||
+ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0)) < 0 ||
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 14:27:02 +0000