Overview
Comment: | Added start of seccomp support |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | seccomp |
Files: | files | file ages | folders |
SHA1: | 5e8db140865a572d051ed439e2e7ced726d82222 |
User & Date: | rkeene on 2014-06-16 17:00:37 |
Other Links: | manifest | tags |
Context
2020-03-31
| ||
14:33 | Merged in trunk check-in: 2204669e3b user: rkeene tags: seccomp | |
2014-06-16
| ||
17:00 | Added start of seccomp support check-in: 5e8db14086 user: rkeene tags: seccomp | |
2014-02-19
| ||
16:32 | Post-release version increment check-in: d65da49b32 user: rkeene tags: trunk | |
Changes
Modified filed.c from [d44c0f8297] to [cb8ce29868].
1 1 #include <sys/sendfile.h> 2 2 #include <sys/socket.h> 3 3 #include <sys/types.h> 4 +#include <sys/prctl.h> 4 5 #include <arpa/inet.h> 5 6 #include <sys/mman.h> 6 7 #include <sys/stat.h> 7 8 #include <sys/wait.h> 8 9 #include <pthread.h> 9 10 #include <strings.h> 10 11 #include <signal.h> ................................................................................ 1459 1460 setuid_ret = setuid(user); 1460 1461 if (setuid_ret != 0) { 1461 1462 perror("setuid"); 1462 1463 1463 1464 return(1); 1464 1465 } 1465 1466 } 1467 + 1468 + /* Do not allow any privilege changes beyond this point */ 1469 + prctl(PR_SET_NO_NEW_PRIVS, 1); 1466 1470 1467 1471 /* Initialize */ 1468 1472 init_ret = filed_init(cache_size); 1469 1473 if (init_ret != 0) { 1470 1474 perror("filed_init"); 1471 1475 1472 1476 return(3);