Seccomp-BPF actually uses SIGSYS to trigger
the trap handler attached to sys_open.
If the signal is blocked then the kernel kills
the process whenever pulse audio calls 'open'.
The result backtrace is terminating in sys_open.
This is required to have pulse audio working
in a sandbox.
---
src/pulse/thread-mainloop.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/pulse/thread-mainloop.c b/src/pulse/thread-mainloop.c
index afd0581..93582d2 100644
--- a/src/pulse/thread-mainloop.c
+++ b/src/pulse/thread-mainloop.c
@@ -28,6 +28,8 @@
#include <signal.h>
#include <stdio.h>
+#include <sys/prctl.h>
+#include <linux/seccomp.h>
#include <pulse/xmalloc.h>
#include <pulse/mainloop.h>
@@ -81,6 +83,14 @@ static void thread(void *userdata) {
/* Make sure that signals are delivered to the main thread */
sigfillset(&mask);
pthread_sigmask(SIG_BLOCK, &mask, NULL);
+
+ /* If seccomp is in use, only filter mode has a chance to work.
+ * Because pa requires sys_open. */
+ if (prctl(PR_GET_SECCOMP, SECCOMP_MODE_FILTER, NULL) == 2) {
+ /* TODO: unblock SIGSYS only if a trap is attached to sys_open. */
+ int r = sigemptyset(&mask) || sigaddset(&mask, SIGSYS) || pthread_sigmask(SIG_UNBLOCK, &mask, NULL);
+ pa_assert(!r);
+ }
#endif
pa_mutex_lock(m->mutex);
--
1.9.1
