mirrors/emacs
1
Fork 0
mirror of git://git.sv.gnu.org/emacs.git synced 2026-04-07 06:41:00 -07:00
Code Issues Projects Releases Wiki Activity

Allow retrieving scheduler information in seccomp (bug#80656)

Browse source 
* lib-src/seccomp-filter.c (main): Add rules for 'sched_getscheduler'
and 'sched_getaffinity'.
This commit is contained in:
Pip Cet 2026-03-25 13:09:48 +00:00
parent 0048dd0da0
commit 2ca648068f
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib-src/seccomp-filter.c
View file

@ -316,6 +316,11 @@ main (int argc, char **argv)
SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */,
SCMP_A2_64 (SCMP_CMP_EQ, 0) /* new_limit == NULL */);
/* Allow reading the scheduler policy and affinity, so num_processors
can determine the number of usable CPUs. */
RULE0 (SCMP_ACT_ALLOW, SCMP_SYS (sched_getaffinity));
RULE0 (SCMP_ACT_ALLOW, SCMP_SYS (sched_getscheduler));
/* Block changing resource limits, but don't crash. */
RULE (SCMP_ACT_ERRNO (EPERM), SCMP_SYS (prlimit64),
SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */,