Skip to content

Commit 548d06f

Browse files
committed
Add a comment before install_syscall_filter to explain why execve is required
1 parent f63b799 commit 548d06f

1 file changed

Lines changed: 15 additions & 1 deletion

File tree

src/daemon/fapolicyd.c

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,21 @@ pid_t gettid(void)
116116
}
117117
#endif
118118

119+
/*
120+
* install_syscall_filter - install daemon seccomp restrictions.
121+
*
122+
* Package trust snapshots can be rebuilt after startup. The RPM database
123+
* uses SQLite locks that are scoped to a process ID. Loading rpmdb in
124+
* fapolicyd, or in one of its threads, lets a close of an rpmdb descriptor
125+
* release that process's locks and can corrupt rpmdb during an RPM
126+
* transaction. The fixed libexec RPM loader therefore runs in a separate
127+
* process and returns a memfd snapshot.
128+
*
129+
* posix_spawn children inherit the daemon's seccomp filter, so builds with
130+
* a package loader must keep execve available for that fixed loader.
131+
*
132+
* Returns nothing.
133+
*/
119134
static void install_syscall_filter(void)
120135
{
121136
scmp_filter_ctx ctx;
@@ -125,7 +140,6 @@ static void install_syscall_filter(void)
125140
if (ctx == NULL)
126141
goto err_out;
127142
#if !defined(USE_RPM) && !defined(USE_DEB)
128-
// Package-database backends spawn libexec helpers during startup.
129143
rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EACCES),
130144
SCMP_SYS(execve), 0);
131145
if (rc < 0)

0 commit comments

Comments
 (0)