Check-in [5e8db14086]
Overview
Comment:Added start of seccomp support
SHA1:5e8db140865a572d051ed439e2e7ced726d82222
User & Date: rkeene on 2014-06-16 17:00:37
Context
2020-03-31
14:33
Merged in trunk check-in: 2204669e3b user: rkeene tags: seccomp
2014-06-16
17:00
Added start of seccomp support check-in: 5e8db14086 user: rkeene tags: seccomp
2014-02-19
16:32
Post-release version increment check-in: d65da49b32 user: rkeene tags: trunk
Changes

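--- a/filed.c
+++ b/filed.c
@@ -1,10 +1,11 @@
 #include <sys/sendfile.h>
 #include <sys/socket.h>
 #include <sys/types.h>
+#include <sys/prctl.h>
 #include <arpa/inet.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <pthread.h>
 #include <strings.h>
 #include <signal.h>
@@ -1459,14 +1460,17 @@
 		setuid_ret = setuid(user);
 		if (setuid_ret != 0) {
 			perror("setuid");
 
 			return(1);
 		}
 	}
+
+	/* Do not allow any privilege changes beyond this point */
+	prctl(PR_SET_NO_NEW_PRIVS, 1);
 
 	/* Initialize */
 	init_ret = filed_init(cache_size);
 	if (init_ret != 0) {
 		perror("filed_init");
 
 		return(3);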
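Review bot: The added `prctl(PR_SET_NO_NEW_PRIVS, 1);` at new line 1469 discards its return value and passes only two arguments, so the hardening step can fail without the daemon noticing. prctl(2) requires arg3, arg4 and arg5 to be 0 for this option and the wrapper is variadic, so the omitted arguments are not guaranteed to be zero. Kernels that predate the option also return an error. I would write `if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) { perror("prctl"); return(1); }`, or log and continue if older kernels must stay supported, and extend the comment to say which policy was chosen. This will matter more if a later seccomp filter is installed without privileges, since that presumably relies on no_new_privs being set; the enclosing function starts and ends outside the hunk.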