author | netblue30 <netblue30@yahoo.com> | 2017-08-23 11:41:31 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-08-23 11:41:31 -0400 |
commit | 5129e321ca42172bf8e6b85c5679adb8da163492 (patch) | |
tree | 878f7c83adc899e04b697bcb8210a87fd3b12b2a /src/fseccomp | |
parent | deb, rpm (diff) | |
fix seccomp.keep for #1490
Diffstat (limited to 'src/fseccomp')
-rw-r--r-- | src/fseccomp/seccomp.c | 10 |
1 files changed, 10 insertions, 0 deletions
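--- a/src/fseccomp/seccomp.c
+++ b/src/fseccomp/seccomp.c
@@ -188,6 +188,12 @@ void seccomp_keep(const char *fname1, const char *fname2, char *list) {
 // close file
 close(fd);
 
+#if 0
+// There is something very wrong here with the file descriptors, "ls -l /proc/self/fd" will show no file
+// after running this code. We don't need the postexec filter in this case anyway.
+printf("@@seccomp_keep start %s %s %s\n", fname1, fname2, list);
+system("ls -l /proc/self/fd");
+printf("@@seccomp_keep start %s %s %s\n", fname1, fname2, list);
 // open file for post-exec filter
 fd = open(fname2, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 if (fd < 0) {
@@ -207,6 +213,10 @@ void seccomp_keep(const char *fname1, const char *fname2, char *list) {
 
 // close file
 close(fd);
+printf("@@seccomp_keep end %s %s %s\n", fname1, fname2, list);
+system("ls -l /proc/self/fd");
+printf("@@seccomp_keep end %s %s %s\n", fname1, fname2, list);
+#endif
 }
 
 void memory_deny_write_execute(const char *fname) {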
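Review bot: The `#if 0` / `#endif` pair added at new lines 191 and 219 compiles out the whole post-exec filter write, so `fname2` becomes an unused parameter and seccomp_keep no longer creates or truncates that file; if a caller still installs a filter from that path (not visible in this diff), it would find a missing or stale file, so that path should be checked. The added comment admits the file-descriptor problem is not understood, which means the change hides the symptom rather than fixing the cause; I would record that as `// FIXME(#1490): post-exec filter disabled for seccomp.keep, fd state after this block unexplained` and add `(void) fname2;` to keep the build warning-free. The `system("ls -l /proc/self/fd")` call and the duplicated `printf` trace lines are better deleted than parked in the disabled region, because re-enabling the block would bring a shell invocation into a sandbox helper along with the filter code. seccomp_keep starts above the first hunk, so how `fd` and the first filter file are handled earlier cannot be judged from here.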