diff options
| author | Pip Cet | 2026-03-25 13:09:48 +0000 |
|---|---|---|
| committer | Pip Cet | 2026-03-25 16:08:32 +0000 |
| commit | 2ca648068fa1fcfca5da72383babe1abce2e4ee8 (patch) | |
| tree | e7d69fd31c27c871d3603656086d797ce31902fc /lib-src | |
| parent | 0048dd0da0fdce9a2687e19bfef0c0299051a067 (diff) | |
| download | emacs-2ca648068fa1fcfca5da72383babe1abce2e4ee8.tar.gz emacs-2ca648068fa1fcfca5da72383babe1abce2e4ee8.zip | |
Allow retrieving scheduler information in seccomp (bug#80656)
* lib-src/seccomp-filter.c (main): Add rules for 'sched_getscheduler'
and 'sched_getaffinity'.
Diffstat (limited to 'lib-src')
| -rw-r--r-- | lib-src/seccomp-filter.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c index b9558ba3da7..a8cdc6e06f9 100644 --- a/lib-src/seccomp-filter.c +++ b/lib-src/seccomp-filter.c | |||
| @@ -316,6 +316,11 @@ main (int argc, char **argv) | |||
| 316 | SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */, | 316 | SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */, |
| 317 | SCMP_A2_64 (SCMP_CMP_EQ, 0) /* new_limit == NULL */); | 317 | SCMP_A2_64 (SCMP_CMP_EQ, 0) /* new_limit == NULL */); |
| 318 | 318 | ||
| 319 | /* Allow reading the scheduler policy and affinity, so num_processors | ||
| 320 | can determine the number of usable CPUs. */ | ||
| 321 | RULE0 (SCMP_ACT_ALLOW, SCMP_SYS (sched_getaffinity)); | ||
| 322 | RULE0 (SCMP_ACT_ALLOW, SCMP_SYS (sched_getscheduler)); | ||
| 323 | |||
| 319 | /* Block changing resource limits, but don't crash. */ | 324 | /* Block changing resource limits, but don't crash. */ |
| 320 | RULE (SCMP_ACT_ERRNO (EPERM), SCMP_SYS (prlimit64), | 325 | RULE (SCMP_ACT_ERRNO (EPERM), SCMP_SYS (prlimit64), |
| 321 | SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */, | 326 | SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */, |