centos-sig-hyperscale / systemd

Clone
Source Code
GIT

20a265b analyze-security: always save syscall name

1 file Authored by Yu Watanabe 2 years ago, Committed by zbyszek 2 years ago,
raw patch tree parent
1 file changed. 22 lines added. 17 lines removed.
src/analyze/analyze-security.c
file modified
+22 -17 
    analyze-security: always save syscall name
    
    This reverts dd51e725df9aec2847482131ef601e0215b371a0 and fixes bugs
    introduced by 1624114d74f55ad9791b7624b08d89d2339a68b3.
    
    Previously,
    - On online scan, the syscall filter was a string Hashmap, but it
      might contain syscall name with errno or error action. Hence, we need
      to drop the errno or error action in the string.
    - On offline scan, the syscall filter was a Hashmap of syscall ID, so
      hashmap_contains() with syscall name did not work. We need to convert
      syscall IDs to syscall names.
    - If hashmap_contains() in syscall_names_in_filter() is true, then
      the syscall is allowed when the list is an allow-list, and vice versa.
      Hence, the condition in syscall_names_in_filter() was errnously
      inverted by dd51e725df9aec2847482131ef601e0215b371a0.
    
    This makes syscalls are always stored with its name, instead of ID,
    and also correct the condition.
    
    Fixes #23663.
    
    (cherry picked from commit 5862e5561c9bbe87ad201e8d6b2ce2d0f04e7c37)
file modified
+22 -17
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.