commit 531275b0f36b39fb6a5c6aaab47e26993ce6fa91
parent 4259bc36af4aea0184488cbef00cef5dd1002044
Author: Pierre Bourdon <delroth@gmail.com>
Date: Sat, 30 Apr 2022 11:52:59 +0200
sandbox: fix openat filtering on AArch64
New glibc versions not sign-extending 32 bit negative constants seems to
not be a thing on AArch64. I suspect that this might not be the only
architecture where the sign-extensions is happening, and the correct fix
might be instead to use a proper 32 bit comparison for the first openat
parameter. For now, band-aid fix this so the sandbox can work again on
AArch64.
Diffstat:
1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
@@ -518,7 +518,12 @@ libc_uses_openat_for_opendir(void)
static int
libc_negative_constant_needs_cast(void)
{
+#if defined(__aarch64__) && defined(__LP64__)
+ /* Existing glibc versions always sign-extend to 64 bits on AArch64. */
+ return 0;
+#else
return is_libc_at_least(2, 27);
+#endif
}
/** Allow a single file to be opened. If <b>use_openat</b> is true,
