aboutsummaryrefslogtreecommitdiffstats
path: root/src/fseccomp/seccomp_secondary.c
diff options
context:
space:
mode:
authorLibravatar Topi Miettinen <toiwoton@gmail.com>2021-01-31 00:15:31 +0200
committerLibravatar Topi Miettinen <topimiettinen@users.noreply.github.com>2021-02-01 20:09:21 +0000
commit0040969e439dbddb76bc190900b453b71e895068 (patch)
tree3d9606b116e47f8702d86fde5194d8c8d22fdde5 /src/fseccomp/seccomp_secondary.c
parentAdd profile for avidemux (#3935) (diff)
downloadfirejail-0040969e439dbddb76bc190900b453b71e895068.tar.gz
firejail-0040969e439dbddb76bc190900b453b71e895068.tar.zst
firejail-0040969e439dbddb76bc190900b453b71e895068.zip
Seccomp error action fixes
fsec-optimize: Optimize BPF with current seccomp error action, not just KILL fseccomp: use correct BPF code for errno action firejail: honor seccomp error action for X32 and secondary filters, rebuild filters if the error action is changed Closes: #3933 Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Diffstat (limited to 'src/fseccomp/seccomp_secondary.c')
-rw-r--r--src/fseccomp/seccomp_secondary.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c
index f024859d3..b8e8d0a89 100644
--- a/src/fseccomp/seccomp_secondary.c
+++ b/src/fseccomp/seccomp_secondary.c
@@ -126,7 +126,7 @@ void seccomp_secondary_block(const char *fname) {
126 EXAMINE_SYSCALL, 126 EXAMINE_SYSCALL,
127#if defined(__x86_64__) 127#if defined(__x86_64__)
128 // block x32 128 // block x32
129 HANDLE_X32_KILL, 129 HANDLE_X32,
130#endif 130#endif
131 // block personality(2) where domain != PER_LINUX or 0xffffffff (query current personality) 131 // block personality(2) where domain != PER_LINUX or 0xffffffff (query current personality)
132 // 0: if personality(2), continue to 1, else goto 7 (allow) 132 // 0: if personality(2), continue to 1, else goto 7 (allow)
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-20 10:42:59 +0000