-rw-r--r-- | devices/src/virtio/fs/passthrough.rs | 21 | ||||
-rw-r--r-- | seccomp/arm/fs_device.policy | 8 |
2 files changed, 23 insertions, 6 deletions
diff --git a/devices/src/virtio/fs/passthrough.rs b/devices/src/virtio/fs/passthrough.rs
index 6b843fc..7f6e3bb 100644
--- a/devices/src/virtio/fs/passthrough.rs
+++ b/devices/src/virtio/fs/passthrough.rs
@@ -116,14 +116,31 @@ macro_rules! scoped_cred {
 }
 };
 }
+#[cfg(not(target_arch = "arm"))]
 scoped_cred!(ScopedUid, libc::uid_t, libc::SYS_setresuid);
+#[cfg(target_arch = "arm")]
+scoped_cred!(ScopedUid, libc::uid_t, libc::SYS_setresuid32);
+
+#[cfg(not(target_arch = "arm"))]
 scoped_cred!(ScopedGid, libc::gid_t, libc::SYS_setresgid);
+#[cfg(target_arch = "arm")]
+scoped_cred!(ScopedGid, libc::gid_t, libc::SYS_setresgid32);
+
+#[cfg(not(target_arch = "arm"))]
+const SYS_GETEUID: libc::c_long = libc::SYS_geteuid;
+#[cfg(target_arch = "arm")]
+const SYS_GETEUID: libc::c_long = libc::SYS_geteuid32;
+
+#[cfg(not(target_arch = "arm"))]
+const SYS_GETEGID: libc::c_long = libc::SYS_getegid;
+#[cfg(target_arch = "arm")]
+const SYS_GETEGID: libc::c_long = libc::SYS_getegid32;
 
 thread_local! {
 // Both these calls are safe because they take no parameters, and only return an integer value.
 // The kernel also guarantees that they can never fail.
- static THREAD_EUID: libc::uid_t = unsafe { libc::syscall(libc::SYS_geteuid) as libc::uid_t };
- static THREAD_EGID: libc::gid_t = unsafe { libc::syscall(libc::SYS_getegid) as libc::gid_t };
+ static THREAD_EUID: libc::uid_t = unsafe { libc::syscall(SYS_GETEUID) as libc::uid_t };
+ static THREAD_EGID: libc::gid_t = unsafe { libc::syscall(SYS_GETEGID) as libc::gid_t };
 }
 
 fn set_creds(
diff --git a/seccomp/arm/fs_device.policy b/seccomp/arm/fs_device.policy
index 2d90307..0ea7fe0 100644
--- a/seccomp/arm/fs_device.policy
+++ b/seccomp/arm/fs_device.policy
@@ -14,8 +14,8 @@ fstatat64: 1
 fstatfs64: 1
 ftruncate64: 1
 getdents64: 1
-getegid: 1
-geteuid: 1
+getegid32: 1
+geteuid32: 1
 linkat: 1
 _llseek: 1
 mkdirat: 1
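Review bot: The four `#[cfg(target_arch = "arm")]` pairs above `thread_local!` carry no comment saying why ARM needs the `*32` syscall numbers, and the reason matters for credential handling: on 32-bit ARM Linux the unsuffixed `setresuid`/`setresgid`/`geteuid`/`getegid` numbers are the legacy 16-bit-ID calls, so a uid or gid above 65535 cannot be represented through them. I would add above the first pair `// 32-bit ARM: the unsuffixed syscalls are the legacy 16-bit uid/gid variants; use the *32 forms so ids are not truncated.` The same split exists on 32-bit x86, so if that target is ever built, keying on `target_arch = "arm"` alone would leave the 16-bit calls in use there; the comment should say whether that is intentional. The `scoped_cred!` body and `set_creds` lie outside the hunk, so how the syscall result is checked cannot be confirmed from here.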
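Review bot: Nothing in the policy records that `getegid32`/`geteuid32` here, and `setresgid32`/`setresuid32` in the second hunk, are coupled to the syscall numbers selected under `#[cfg(target_arch = "arm")]` in passthrough.rs. If either side drifts, the fs device either has its credential switch blocked by the filter or keeps an allowlist entry it no longer needs. I would add a comment line above the entries, assuming the policy format accepts `#` comments: `# uid/gid syscalls are issued directly as the *32 variants on 32-bit ARM; keep in sync with devices/src/virtio/fs/passthrough.rs`. It is also worth confirming that no other code path in the device process still issues the unsuffixed `geteuid`/`getegid`, since those are no longer allowed; that cannot be seen from this diff.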
@@ -24,8 +24,8 @@ preadv: 1
 pwritev: 1
 readlinkat: 1
 renameat2: 1
-setresgid: 1
-setresuid: 1
+setresgid32: 1
+setresuid32: 1
 symlinkat: 1
 umask: 1
 unlinkat: 1 |