author | smitsohu <smitsohu@gmail.com> | 2022-07-31 20:06:37 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-31 20:06:37 +0200 |
commit | 06d3fd05814da2bbf1f9f30a722092a562cf16b2 (patch) | |
tree | fe19af2ec07ac3434bf93890bd719abafd3cd5c7 /src/fseccomp/protocol.c | |
parent | Merge pull request #5271 from smitsohu/nnp (diff) | |
parent | introduce new option restrict-namespaces (diff) | |
Merge pull request #5259 from smitsohu/ns
introduce new option restrict-namespaces
Diffstat (limited to 'src/fseccomp/protocol.c')
-rw-r--r-- | src/fseccomp/protocol.c | 9 |
1 files changed, 6 insertions, 3 deletions
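--- a/src/fseccomp/protocol.c
+++ b/src/fseccomp/protocol.c
@@ -132,15 +132,18 @@ void protocol_build_filter(const char *prlist, const char *fname) {
 EXAMINE_SYSCALL, // 1
 // checking SYS_socket only: filtering SYS_socketcall not possible with seccomp
 ONLY(359), // 1 + 2
-BPF_JUMP(BPF_JMP+BPF_JA+BPF_K, (3 + 1 + 2), 0, 0), // 1 + 2 + 1
+BPF_JUMP(BPF_JMP+BPF_JA+BPF_K, (3 + 1 + 3 + 2), 0, 0), // 1 + 2 + 1
 #else
 #warning 32 bit protocol filter not implemented yet for your architecture
 #endif
 VALIDATE_ARCHITECTURE, // 3
 EXAMINE_SYSCALL, // 3 + 1
-ONLY(SYS_socket), // 3 + 1 + 2
+#if defined __x86_64__
+HANDLE_X32, // 3 + 1 + 3
+#endif
+ONLY(SYS_socket), // 3 + 1 (+ 3) + 2
 
-EXAMINE_ARGUMENT(0) // 3 + 1 + 2 + 1
+EXAMINE_ARGUMENT(0) // 3 + 1 (+ 3) + 2 + 1
 };
 memcpy(ptr, &filter_start[0], sizeof(filter_start));
 ptr += sizeof(filter_start);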
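Review bot: The jump offset `(3 + 1 + 3 + 2)` on the i386 path hard-codes the three instructions of `HANDLE_X32`, yet `HANDLE_X32` is emitted only under `#if defined __x86_64__`, while the `#if` that guards the jump opens above this hunk and its condition is not visible here. If the two conditions ever differ, or the macro's instruction count changes, the 32-bit path would resume at the wrong instruction and the check on argument 0 may not be applied as intended. The coupling deserves a comment beside the jump, such as `// skips VALIDATE_ARCHITECTURE (3) + EXAMINE_SYSCALL (1) + HANDLE_X32 (3, x86_64 only) + ONLY(SYS_socket) (2)`. protocol_build_filter starts and continues outside the hunk, so any other relative jump into this part of `filter_start` should be confirmed against the new layout.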