Diff

Differences From Artifact [05973c0b4a]:

To Artifact [61d8dcb4f5]:


806
807
808
809
810
811
812






























813
814
815
816
817
818
819
	if (filed_sockettimeout_devnull_fd < 0) {
		return(-1);
	}

	return(0);
}
#endif































/* Format time per RFC2616 */
static char *filed_format_time(char *buffer, size_t buffer_len, const time_t timeinfo) {
	struct tm timeinfo_tm, *timeinfo_tm_p;

	timeinfo_tm_p = gmtime_r(&timeinfo, &timeinfo_tm);
	if (timeinfo_tm_p == NULL) {







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
	if (filed_sockettimeout_devnull_fd < 0) {
		return(-1);
	}

	return(0);
}
#endif

#include <linux/seccomp.h>
#include <linux/filter.h>
#include <linux/audit.h>
#include <sys/ptrace.h>
#include <stddef.h>

static int filed_init_seccomp(void) {
	struct sock_fprog filter;
	struct sock_filter rules[] = {
#include "filed.seccomp.h"
	};
	int prctl_ret;

	/* Do not allow any privilege changes beyond this point */
 	prctl_ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
	if (prctl_ret != 0) {
		return(-1);
	}

	filter.len = sizeof(rules) / sizeof(*rules);
	filter.filter = rules;

	prctl_ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &filter);
	if (prctl_ret != 0) {
		return(-1);
	}

	return(0);
}

/* Format time per RFC2616 */
static char *filed_format_time(char *buffer, size_t buffer_len, const time_t timeinfo) {
	struct tm timeinfo_tm, *timeinfo_tm_p;

	timeinfo_tm_p = gmtime_r(&timeinfo, &timeinfo_tm);
	if (timeinfo_tm_p == NULL) {
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
		if (setuid_ret != 0) {
			perror("setuid");

			return(1);
		}
	}

	/* Do not allow any privilege changes beyond this point */
	prctl(PR_SET_NO_NEW_PRIVS, 1);

	/* Initialize */
	init_ret = filed_init(cache_size);
	if (init_ret != 0) {
		perror("filed_init");

		return(3);
	}







<
<
<







1941
1942
1943
1944
1945
1946
1947



1948
1949
1950
1951
1952
1953
1954
		if (setuid_ret != 0) {
			perror("setuid");

			return(1);
		}
	}




	/* Initialize */
	init_ret = filed_init(cache_size);
	if (init_ret != 0) {
		perror("filed_init");

		return(3);
	}
1937
1938
1939
1940
1941
1942
1943








1944
1945
1946
1947
1948
1949
1950
	/* Create socket termination thread */
	init_ret = filed_sockettimeout_thread_init();
	if (init_ret != 0) {
		perror("filed_sockettimeout_thread_init");

		return(7);
	}









	/* Create worker threads */
	init_ret = filed_worker_threads_init(fd, thread_count, &thread_options);
	if (init_ret != 0) {
		perror("filed_worker_threads_init");

		return(5);







>
>
>
>
>
>
>
>







1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
	/* Create socket termination thread */
	init_ret = filed_sockettimeout_thread_init();
	if (init_ret != 0) {
		perror("filed_sockettimeout_thread_init");

		return(7);
	}

	/* Initialize seccomp */
	init_ret = filed_init_seccomp();
	if (init_ret != 0) {
		perror("filed_init_seccomp");

		return(9);
	}

	/* Create worker threads */
	init_ret = filed_worker_threads_init(fd, thread_count, &thread_options);
	if (init_ret != 0) {
		perror("filed_worker_threads_init");

		return(5);