[Seccomp] Set appropriate filters when trapping syscalls by default
authormcatanzaro@igalia.com <mcatanzaro@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Jul 2015 22:18:58 +0000 (22:18 +0000)
committermcatanzaro@igalia.com <mcatanzaro@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Jul 2015 22:18:58 +0000 (22:18 +0000)
commit8c481398146d0ef392cbf772f12998a08245ae62
tree13ca2feb5039614212f87c107e73095d938522d1
parent0da149b02bba4a5144663c52ad72406afc9b10ac
[Seccomp] Set appropriate filters when trapping syscalls by default
https://bugs.webkit.org/show_bug.cgi?id=142983

If we trap syscalls by default, we must not set separate filters to trap
anything here, since it will fail causing us to crash.

But also, there are some things we must allow unconditionally even when
trapping by default. sigreturn, obviously. Also, let's whitelist brk
here instead of in platform-specific code.

Reviewed by Žan Doberšek.

* Shared/linux/SeccompFilters/SeccompBroker.cpp:
(WebKit::SeccompBroker::launchProcess): Don't trap sigprocmask or sigaction unless allow is
the default action. Also, allow sigreturn and brk is allow is not the default.
* Shared/linux/SeccompFilters/SeccompFilters.cpp: Added
(WebKit::SeccompFilters::defaultAction):
* Shared/linux/SeccompFilters/SeccompFilters.h: Added defaultAction

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@187455 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit2/ChangeLog
Source/WebKit2/Shared/linux/SeccompFilters/SeccompBroker.cpp
Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.cpp
Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.h