mirror of
https://codeberg.org/kiss-community/repo
synced 2025-01-11 13:20:08 -07:00
34 lines
1.3 KiB
Diff
34 lines
1.3 KiB
Diff
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
|
|
index 5f14e78..1b968ea 100644
|
|
--- a/security/sandbox/linux/SandboxFilter.cpp
|
|
+++ b/security/sandbox/linux/SandboxFilter.cpp
|
|
@@ -1763,10 +1763,10 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
|
|
return Allow();
|
|
case __NR_sched_get_priority_min:
|
|
case __NR_sched_get_priority_max:
|
|
+ case __NR_sched_setscheduler:
|
|
return Allow();
|
|
case __NR_sched_getparam:
|
|
- case __NR_sched_getscheduler:
|
|
- case __NR_sched_setscheduler: {
|
|
+ case __NR_sched_getscheduler: {
|
|
Arg<pid_t> pid(0);
|
|
return If(pid == 0, Allow()).Else(Trap(SchedTrap, nullptr));
|
|
}
|
|
@@ -1956,12 +1956,14 @@ class RDDSandboxPolicy final : public SandboxPolicyCommon {
|
|
case __NR_sched_getparam:
|
|
case __NR_sched_setparam:
|
|
case __NR_sched_getscheduler:
|
|
- case __NR_sched_setscheduler:
|
|
case __NR_sched_getattr:
|
|
case __NR_sched_setattr: {
|
|
Arg<pid_t> pid(0);
|
|
return If(pid == 0, Allow()).Else(Trap(SchedTrap, nullptr));
|
|
}
|
|
+ // sched_setscheduler gets special treatment here (bug 1657849):
|
|
+ case __NR_sched_setscheduler:
|
|
+ return Allow();
|
|
|
|
// The priority bounds are also used, sometimes (bug 1838675):
|
|
case __NR_sched_get_priority_min:
|