Commit

Merge pull request #9702 from anonymouse64/feature/copy_file_range-seccomp-default

interfaces/seccomp/template.go: allow copy_file_range

This was recently introduced as an optimization to Go 1.15, and so apps that
start compiling may start to try and use it.

Note that Go 1.15 does currently fall back to using other methods if copy_file_range
returns EPERM so that apps that get denied usage of copy_file_range will fall back
to potentially slower implementations. (Originally upon Go 1.15 release there
was not a fallback implementation and the app would just crash returning a non-nil
error up the stack.)

See golang/go#40893 and
https://go-review.googlesource.com/c/go/+/249257/ for more details on the Go
issue and the fallback implementation.

There are also some instances of Node.js using this too with the libuv library, see
fs.copyfile() and a corresponding forum topic for more details:
https://forum.snapcraft.io/t/snap-no-longer-has-write-permission/22686
anonymouse64 authored Feb 13, 2021
2 parents f6bddec + c926366 commit da8011a
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions interfaces/seccomp/template.go
Expand Up @@ -108,6 +108,10 @@ close
# needed by ls -l
connect
# the file descriptors used here will already be mediated by apparmor,
# the 6th argument is flags, which currently is always 0
copy_file_range - - - - - 0
chroot
creat
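
Review bot: The comment above `copy_file_range - - - - - 0` says the flags argument "currently is always 0" but does not say what the rule does with any other value: with the sixth argument pinned to 0, a call passing non-zero flags is not matched by this rule and is denied. State that in the comment, and note that the restriction should be revisited if the kernel starts defining flags, so the next reader knows it is deliberate. The entry also sits between `connect` and `chroot`, where the list is already out of order; placing it directly before `creat` would keep its neighbours alphabetical. Only template.go changes here, so a test case covering flags 0 allowed and non-zero flags denied would be worth adding alongside the rule.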