seccomp: fix broken stat 32-bit overflow initialization#123
Merged
Snaipe merged 3 commits intoaristanetworks:mainfrom Jan 16, 2026
Merged
seccomp: fix broken stat 32-bit overflow initialization#123Snaipe merged 3 commits intoaristanetworks:mainfrom
Snaipe merged 3 commits intoaristanetworks:mainfrom
Conversation
1a6e29b ("seccomp: disable mknod emulation by default") introduced a regression by moving the seccomp syscall table initialization to the process that installs the filter. This however is not the process in which the supervisor runs in, meaning the syscall table was left empty, and caused all of the custom logic to be skipped.
It's sometimes desirable to build bst statically, and usually libdbus-1 ships as a shared library.
I'm not too happy about the form of this code, as it's only present when calling stat on 32-bit processes. Should we revisit this, it should be done on all stat syscalls regardless of the architecture, orthogonally to fixing the 32-bit overflows.
Madoxen
approved these changes
Jan 16, 2026
KrzysztofMolon
approved these changes
Jan 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds a couple of changes that I used during the debugging of this problem, as well as the real fix to the 32-bit overflow not being handled.