author | Mike Frysinger <vapier@chromium.org> | 2023-09-28 08:37:23 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@chromium.org> | 2023-09-28 18:59:47 +0000 |
commit | c3a42478a9da2ac588f1d8f70b57f1d885483a1c (patch) | |
tree | 232140f5af3b2664a195ac7336ff7c42364fd0e4 | |
parent | b6c2d68d8899f0da4d6c326c1ea008845b0a0c34 (diff) | |
download | minijail-c3a42478a9da2ac588f1d8f70b57f1d885483a1c.tar.gz |
constants: include linux/random.h for GRND_RANDOM
BUG=None
TEST=CQ passes
Change-Id: Idb9b54c20192f629749beedcd70e98f1b690a4b1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/minijail/+/4898983
Auto-Submit: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
-rw-r--r-- | gen_constants-inl.h | 1 | ||||
-rwxr-xr-x | tools/seccomp_policy_lint.py | 5 |
2 files changed, 2 insertions, 4 deletions
diff --git a/gen_constants-inl.h b/gen_constants-inl.h
index f5fdd29..6485445 100644
--- a/gen_constants-inl.h
+++ b/gen_constants-inl.h
@@ -14,6 +14,7 @@
 #include <linux/mman.h>
 #include <linux/net.h>
 #include <linux/prctl.h>
+#include <linux/random.h>
 #include <linux/sched.h>
 #include <linux/serial.h>
 #include <linux/sockios.h>
diff --git a/tools/seccomp_policy_lint.py b/tools/seccomp_policy_lint.py
index 3782371..d391533 100755
--- a/tools/seccomp_policy_lint.py
+++ b/tools/seccomp_policy_lint.py
@@ -37,10 +37,7 @@ DANGEROUS_SYSCALLS = (
 # If a dangerous syscall uses these rules, then it's considered safe.
 SYSCALL_SAFE_RULES = {
- "getrandom": (
- # Disallow GRND_RANDOM by default.
- "arg2 in 0xfffffffd",
- ),
+ "getrandom": ("arg2 in ~GRND_RANDOM",),
 "mmap": (
 "arg2 == PROT_READ || arg2 == PROT_NONE",
 "arg2 in ~PROT_EXEC", |
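Review bot: The `getrandom` entry in `SYSCALL_SAFE_RULES` now accepts only the symbolic spelling, so a policy that still writes the equivalent numeric mask `arg2 in 0xfffffffd` may stop being recognised as safe if the linter compares rule text literally (the matching code is outside this hunk, so this is inferred). Only two files change in this commit, so existing policies are not migrated here; listing both forms would keep them passing: `"getrandom": ("arg2 in ~GRND_RANDOM", "arg2 in 0xfffffffd"),`. The removed comment was also the only statement of intent, and a one-line `# Disallow GRND_RANDOM by default.` above the entry would keep the reason visible to whoever next edits this allow-list. The `SYSCALL_SAFE_RULES` dict continues past the end of the hunk.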