diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2021-01-31 00:15:31 +0200 |
---|---|---|
committer | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2021-02-01 20:09:21 +0000 |
commit | 0040969e439dbddb76bc190900b453b71e895068 (patch) | |
tree | 3d9606b116e47f8702d86fde5194d8c8d22fdde5 /src/fseccomp/seccomp_secondary.c | |
parent | Add profile for avidemux (#3935) (diff) | |
download | firejail-0040969e439dbddb76bc190900b453b71e895068.tar.gz firejail-0040969e439dbddb76bc190900b453b71e895068.tar.zst firejail-0040969e439dbddb76bc190900b453b71e895068.zip |
Seccomp error action fixes
fsec-optimize: Optimize BPF with current seccomp error action, not
just KILL
fseccomp: use correct BPF code for errno action
firejail: honor seccomp error action for X32 and secondary filters,
rebuild filters if the error action is changed
Closes: #3933
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Diffstat (limited to 'src/fseccomp/seccomp_secondary.c')
-rw-r--r-- | src/fseccomp/seccomp_secondary.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c index f024859d3..b8e8d0a89 100644 --- a/src/fseccomp/seccomp_secondary.c +++ b/src/fseccomp/seccomp_secondary.c | |||
@@ -126,7 +126,7 @@ void seccomp_secondary_block(const char *fname) { | |||
126 | EXAMINE_SYSCALL, | 126 | EXAMINE_SYSCALL, |
127 | #if defined(__x86_64__) | 127 | #if defined(__x86_64__) |
128 | // block x32 | 128 | // block x32 |
129 | HANDLE_X32_KILL, | 129 | HANDLE_X32, |
130 | #endif | 130 | #endif |
131 | // block personality(2) where domain != PER_LINUX or 0xffffffff (query current personality) | 131 | // block personality(2) where domain != PER_LINUX or 0xffffffff (query current personality) |
132 | // 0: if personality(2), continue to 1, else goto 7 (allow) | 132 | // 0: if personality(2), continue to 1, else goto 7 (allow) |