diff options
| author | Helmut Eller | 2026-04-04 20:59:46 +0200 |
|---|---|---|
| committer | Helmut Eller | 2026-04-04 20:59:46 +0200 |
| commit | 6eec001187e8551f32b6498e6dc60cdc58c2e515 (patch) | |
| tree | 13233de9f0a05ef86a51500e8b1870b75ff20c81 /lib-src/seccomp-filter.c | |
| parent | e4ea27119e79012f9d651cb61d1115589d91ef39 (diff) | |
| parent | 01a9d78a7e4c7d7fa5b799e4fdc2caf77a012734 (diff) | |
| download | emacs-feature/igc3.tar.gz emacs-feature/igc3.zip | |
Merge branch 'master' into feature/igc3feature/igc3
Diffstat (limited to 'lib-src/seccomp-filter.c')
| -rw-r--r-- | lib-src/seccomp-filter.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c index b9558ba3da7..a8cdc6e06f9 100644 --- a/lib-src/seccomp-filter.c +++ b/lib-src/seccomp-filter.c | |||
| @@ -316,6 +316,11 @@ main (int argc, char **argv) | |||
| 316 | SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */, | 316 | SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */, |
| 317 | SCMP_A2_64 (SCMP_CMP_EQ, 0) /* new_limit == NULL */); | 317 | SCMP_A2_64 (SCMP_CMP_EQ, 0) /* new_limit == NULL */); |
| 318 | 318 | ||
| 319 | /* Allow reading the scheduler policy and affinity, so num_processors | ||
| 320 | can determine the number of usable CPUs. */ | ||
| 321 | RULE0 (SCMP_ACT_ALLOW, SCMP_SYS (sched_getaffinity)); | ||
| 322 | RULE0 (SCMP_ACT_ALLOW, SCMP_SYS (sched_getscheduler)); | ||
| 323 | |||
| 319 | /* Block changing resource limits, but don't crash. */ | 324 | /* Block changing resource limits, but don't crash. */ |
| 320 | RULE (SCMP_ACT_ERRNO (EPERM), SCMP_SYS (prlimit64), | 325 | RULE (SCMP_ACT_ERRNO (EPERM), SCMP_SYS (prlimit64), |
| 321 | SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */, | 326 | SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */, |