Use seccomp instead of setsid() to workaround CVE-2017-5226 #150
Commits on Jan 16, 2017
-
Use seccomp instead of setsid() to workaround CVE-2017-5226
The setsid() workaround of containers#143 is problematic, because it e.g. breaks shell job control for bubblewrap instances. So, instead we use a seccomp approach based on: util-linux/util-linux@8e49250 However, since we don't want to pull in any more dependencies into the setuid binary we pre-compile the seccomp code during the build. If libseccomp is not available on your architecture, we still support the old fix with --disable-seccomp-tty-fix. This fixes containers#147
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.