diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 798b24bd8..f5e462806 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -270,6 +270,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR__newselect
 SC_ALLOW(__NR__newselect),
 #endif
+#ifdef __NR_ppoll
+ SC_ALLOW(__NR_ppoll),
+#endif
 #ifdef __NR_poll
 SC_ALLOW(__NR_poll),
 #endif
@@ -391,7 +394,7 @@ ssh_sandbox_child_debugging(void)
 void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
- struct rlimit rl_zero;
+ struct rlimit rl_zero, rl_one = {.rlim_cur = 1, .rlim_max = 1};
 int nnp_failed = 0;

 /* Set rlimits for completeness if possible. */
@@ -399,7 +402,11 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
 fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
 __func__, strerror(errno));
- if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
+ /*
+ * Cannot use zero for nfds, because poll(2) will fail with
+ * errno=EINVAL if npfds>RLIMIT_NOFILE.
+ */
+ if (setrlimit(RLIMIT_NOFILE, &rl_one) == -1)
 fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
 __func__, strerror(errno));
 if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
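Review bot: The new allowlist entry in `preauth_insns[]` covers `__NR_ppoll` but not `__NR_ppoll_time64`, so on 32-bit Linux targets whose libc routes ppoll() through the 64-bit-time syscall the pre-auth child would presumably still hit the filter's default action. Consider adding `#ifdef __NR_ppoll_time64` / `SC_ALLOW(__NR_ppoll_time64),` / `#endif` next to it. Which caller needs ppoll() and on which targets is not visible in this hunk, so this should be confirmed against the libc in use. A one-line comment naming that caller would also help later audits of this list, since every entry widens what the unprivileged pre-auth process may ask of the kernel.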
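Review bot: The fatal() message under the changed `setrlimit(RLIMIT_NOFILE, &rl_one)` call in the third hunk still reports `{ 0, 0 }`, which will mislead anyone reading a failure log; it should read `fatal("%s: setrlimit(RLIMIT_NOFILE, { 1, 1 }): %s",`. The new comment also says `npfds` where poll(2)'s argument is `nfds`. Raising the limit from 0 to 1 slightly relaxes the rlimit layer: descriptor 0 could be reallocated if it were ever closed, so the comment should state that the seccomp filter, not this rlimit, is what blocks descriptor creation. Whether fd 0 stays open in the sandboxed child is not visible here, as the body of ssh_sandbox_child continues outside the hunk.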