[pulseaudio-discuss] [PATCH 2/2] thread-mainloop: unblock SIGSYS on sandbox

[Julien Isorce]

Seccomp-BPF actually uses SIGSYS to trigger
the trap handler attached to sys_open.
If the signal is blocked then the kernel kills
the process whenever pulse audio calls 'open'.
The result backtrace is terminating in sys_open.

This is required to have pulse audio working
in a sandbox.
---
 src/pulse/thread-mainloop.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/pulse/thread-mainloop.c b/src/pulse/thread-mainloop.c
index afd0581..93582d2 100644
--- a/src/pulse/thread-mainloop.c
+++ b/src/pulse/thread-mainloop.c
@@ -28,6 +28,8 @@
 
 #include <signal.h>
 #include <stdio.h>
+#include <sys/prctl.h>
+#include <linux/seccomp.h>
 
 #include <pulse/xmalloc.h>
 #include <pulse/mainloop.h>
@@ -81,6 +83,14 @@ static void thread(void *userdata) {
     /* Make sure that signals are delivered to the main thread */
     sigfillset(&mask);
     pthread_sigmask(SIG_BLOCK, &mask, NULL);
+
+    /* If seccomp is in use, only filter mode has a chance to work.
+     * Because pa requires sys_open. */
+    if (prctl(PR_GET_SECCOMP, SECCOMP_MODE_FILTER, NULL) == 2) {
+        /* TODO: unblock SIGSYS only if a trap is attached to sys_open. */
+        int r = sigemptyset(&mask) || sigaddset(&mask, SIGSYS) || pthread_sigmask(SIG_UNBLOCK, &mask, NULL);
+        pa_assert(!r);
+    }
 #endif
 
     pa_mutex_lock(m->mutex);
-- 
1.9.1