
Source code changes of the file "seccompsandbox.c" between
vsftpd-3.0.4.tar.gz and vsftpd-3.0.5.tar.gz

About: vsftpd is a "secure, fast and scalable" FTP server.

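--- a/seccompsandbox.c
+++ b/seccompsandbox.c
@@ -48,16 +48,22 @@
 #define PR_SET_SECCOMP 22
 #endif
 #ifndef PR_SET_NO_NEW_PRIVS
 #define PR_SET_NO_NEW_PRIVS 38
 #endif
 #ifndef __NR_openat
 #define __NR_openat 257
 #endif
+#ifndef __NR_newfstatat
+#define __NR_newfstatat 262
+#endif
+#ifndef __NR_pselect6
+#define __NR_pselect6 270
+#endif
 #ifndef __NR_getrandom
 #define __NR_getrandom 318
 #endif
 #ifndef O_LARGEFILE
 #define O_LARGEFILE 00100000
 #endif
 #ifndef O_DIRECTORY
 #define O_DIRECTORY 00200000
@@ -273,20 +279,21 @@
 static void
 seccomp_sandbox_setup_data_connections()
 {
 allow_nr_3_arg_match(__NR_socket, 1, PF_INET, 2, SOCK_STREAM, 3, IPPROTO_TCP);
 allow_nr_3_arg_match(__NR_socket,
 1, PF_INET6,
 2, SOCK_STREAM,
 3, IPPROTO_TCP);
 allow_nr(__NR_bind);
 allow_nr(__NR_select);
+allow_nr(__NR_pselect6);
 if (tunable_port_enable)
 {
 allow_nr(__NR_connect);
 allow_nr_2_arg_match(__NR_getsockopt, 2, SOL_SOCKET, 3, SO_ERROR);
 allow_nr_2_arg_match(__NR_setsockopt, 2, SOL_SOCKET, 3, SO_REUSEADDR);
 allow_nr_1_arg_match(__NR_fcntl, 2, F_GETFL);
 allow_nr_2_arg_match(__NR_fcntl, 2, F_SETFL, 3, O_RDWR|O_NONBLOCK);
 allow_nr_2_arg_match(__NR_fcntl, 2, F_SETFL, 3, O_RDWR);
 }
 if (tunable_pasv_enable)
@@ -404,20 +411,21 @@
 allow_nr_1_arg_match(__NR_fcntl, 2, F_SETLK);
 }
 if (tunable_async_abor_enable)
 {
 allow_nr_2_arg_match(__NR_fcntl, 2, F_SETOWN, 3, vsf_sysutil_getpid());
 }
 allow_nr_2_arg_match(__NR_setsockopt, 2, SOL_SOCKET, 3, SO_KEEPALIVE);
 allow_nr_2_arg_match(__NR_setsockopt, 2, SOL_SOCKET, 3, SO_LINGER);
 allow_nr_2_arg_match(__NR_setsockopt, 2, IPPROTO_IP, 3, IP_TOS);
 allow_nr(__NR_fstat);
+allow_nr(__NR_newfstatat);
 allow_nr(__NR_lseek);
 /* Since we use chroot() to restrict filesystem access, we can just blanket
 * allow open().
 */
 allow_nr_1_arg_mask(__NR_open, 2, open_flag);
 allow_nr_1_arg_mask(__NR_openat, 3, open_flag);
 /* Other pathname-based metadata queries. */
 allow_nr(__NR_stat);
 allow_nr(__NR_readlink);
 /* Directory handling: query, change, read. */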
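Review bot: `allow_nr(__NR_newfstatat)` in the third change block is added beside the fd-based `fstat` rule with no comment, yet unlike `fstat` it takes a directory fd and a pathname, so its safety rests on the same chroot() argument the comment below gives for open(). I would move it under `/* Other pathname-based metadata queries. */` next to `allow_nr(__NR_stat)`, or add `/* newfstatat is path-capable; like open(), confined by chroot(). */` above it. `allow_nr(__NR_pselect6)` in the second block deserves a one-line comment saying why it was added (presumably newer libc versions issue it in place of select — confirm), so the next audit of this allowlist does not have to guess. The fallback values 262 and 270 in the first block look like the x86_64 numbers, in line with the existing 257 and 318; if this file can be built for another architecture they would whitelist unrelated syscalls, which is worth a comment or a build-time guard if one is not already present outside the visible lines. Both enclosing functions start and end outside the change blocks shown.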
 End of changes. 3 change blocks. 
0 lines changed or deleted 8 lines changed or added
