author | Topi Miettinen <toiwoton@gmail.com> | 2017-08-13 14:07:31 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-13 17:31:07 +0300 |
commit | 63e9d849f662d1a494c6396d4a439cd4c91dfa7e (patch) | |
tree | 703cc8c9c0eb5b9e528f025961df7f322f797737 /src/fseccomp/seccomp_file.c | |
parent | merges (diff) | |
Allow any syscall to be blacklisted (#1447)
Allow any syscall to be blacklisted with aid of LD_PRELOAD library,
libpostexecseccomp.so.
Closes: #1447
Diffstat (limited to 'src/fseccomp/seccomp_file.c')
-rw-r--r-- | src/fseccomp/seccomp_file.c | 9 |
1 files changed, 6 insertions, 3 deletions
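--- a/src/fseccomp/seccomp_file.c
+++ b/src/fseccomp/seccomp_file.c
@@ -60,8 +60,9 @@ void filter_init(int fd) {
 write_to_file(fd, filter, sizeof(filter));
 }
 
-void filter_add_whitelist(int fd, int syscall, int arg) {
+void filter_add_whitelist(int fd, int syscall, int arg, void *ptrarg) {
 (void) arg;
+(void) ptrarg;
 
 struct sock_filter filter[] = {
 WHITELIST(syscall)
@@ -69,8 +70,9 @@ void filter_add_whitelist(int fd, int syscall, int arg) {
 write_to_file(fd, filter, sizeof(filter));
 }
 
-void filter_add_blacklist(int fd, int syscall, int arg) {
+void filter_add_blacklist(int fd, int syscall, int arg, void *ptrarg) {
 (void) arg;
+(void) ptrarg;
 
 struct sock_filter filter[] = {
 BLACKLIST(syscall)
@@ -78,7 +80,8 @@ void filter_add_blacklist(int fd, int syscall, int arg) {
 write_to_file(fd, filter, sizeof(filter));
 }
 
-void filter_add_errno(int fd, int syscall, int arg) {
+void filter_add_errno(int fd, int syscall, int arg, void *ptrarg) {
+(void) ptrarg;
 struct sock_filter filter[] = {
 BLACKLIST_ERRNO(syscall, arg)
 };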
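Review bot: The new `ptrarg` parameter is discarded in `filter_add_whitelist`, `filter_add_blacklist` and `filter_add_errno` with a bare `(void) ptrarg;`, and nothing in the file says what it carries or why these three emitters ignore it. Presumably the signatures were widened to match a shared callback type whose other implementation does use the pointer, but that code is not visible in this file-limited diff; a one-line comment above each cast, such as `/* ptrarg: unused here, consumed only by the post-exec list callback */`, would record the contract. Because the commit message says the additional blacklisting relies on an LD_PRELOAD library, the comment could also state that rules written to `fd` by these functions form the kernel filter itself, while anything deferred to the preload path depends on the loader actually loading that library (a statically linked program would not). That split is inferred from the message and should be confirmed against the rest of the commit.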