filed: Check-in [5e8db14086]

Overview

Comment:	Added start of seccomp support
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| seccomp
Files:	files \| file ages \| folders
SHA1:	5e8db140865a572d051ed439e2e7ced726d82222
User & Date:	rkeene on 2014-06-16 17:00:37
Other Links:	manifest \| tags

Context

2020-03-31
14:33		Merged in trunk check-in: 2204669e3b user: rkeene tags: seccomp
2014-06-16
17:00		Added start of seccomp support check-in: 5e8db14086 user: rkeene tags: seccomp
2014-02-19
16:32		Post-release version increment check-in: d65da49b32 user: rkeene tags: trunk

Changes

Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified filed.c from [d44c0f8297] to [cb8ce29868].

     1      1   #include <sys/sendfile.h>
     2      2   #include <sys/socket.h>
     3      3   #include <sys/types.h>
            4  +#include <sys/prctl.h>
     4      5   #include <arpa/inet.h>
     5      6   #include <sys/mman.h>
     6      7   #include <sys/stat.h>
     7      8   #include <sys/wait.h>
     8      9   #include <pthread.h>
     9     10   #include <strings.h>
    10     11   #include <signal.h>
................................................................................
  1459   1460   		setuid_ret = setuid(user);
  1460   1461   		if (setuid_ret != 0) {
  1461   1462   			perror("setuid");
  1462   1463   
  1463   1464   			return(1);
  1464   1465   		}
  1465   1466   	}
         1467  +
         1468  +	/* Do not allow any privilege changes beyond this point */
         1469  +	prctl(PR_SET_NO_NEW_PRIVS, 1);
  1466   1470   
  1467   1471   	/* Initialize */
  1468   1472   	init_ret = filed_init(cache_size);
  1469   1473   	if (init_ret != 0) {
  1470   1474   		perror("filed_init");
  1471   1475   
  1472   1476   		return(3);