Merge branch 'maint-0.2.9' into release-0.2.9

2017-07-27 08:23:36 -04:00 · 2017-07-27 08:23:36 -04:00 · b858f22c55
parent a76315be59 24ddf5862e
commit b858f22c55
2 changed files with 12 additions and 0 deletions
--- a/changes/bug20247
+++ b/changes/bug20247
@ -0,0 +1,4 @@
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Avoid a sandbox failure when trying to re-bind to a socket and mark
+      it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
+
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@ -728,6 +728,14 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
    return rc;
 #endif

+#ifdef IPV6_V6ONLY
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, IPPROTO_IPV6),
+      SCMP_CMP(2, SCMP_CMP_EQ, IPV6_V6ONLY));
+  if (rc)
+    return rc;
+#endif
+
  return 0;
 }