From 76ff1947b6e3703c2b9524e1086c791ceb4edb74 Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Tue, 24 Sep 2019 23:46:08 -0700 Subject: gvisor: change syscall.RawSyscall to syscall.RawSyscall6 where required Before https://golang.org/cl/173160 syscall.RawSyscall would zero out the last three register arguments to the system call. That no longer happens. For system calls that take more than three arguments, use RawSyscall6 to ensure that we pass zero, not random data, for the additional arguments. PiperOrigin-RevId: 271062527 --- pkg/seccomp/seccomp_unsafe.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg/seccomp') diff --git a/pkg/seccomp/seccomp_unsafe.go b/pkg/seccomp/seccomp_unsafe.go index 0a3d92854..be328db12 100644 --- a/pkg/seccomp/seccomp_unsafe.go +++ b/pkg/seccomp/seccomp_unsafe.go @@ -35,7 +35,7 @@ type sockFprog struct { //go:nosplit func SetFilter(instrs []linux.BPFInstruction) syscall.Errno { // PR_SET_NO_NEW_PRIVS is required in order to enable seccomp. See seccomp(2) for details. - if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, linux.PR_SET_NO_NEW_PRIVS, 1, 0); errno != 0 { + if _, _, errno := syscall.RawSyscall6(syscall.SYS_PRCTL, linux.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0, 0); errno != 0 { return errno } -- cgit v1.2.3