author | netblue30 <netblue30@yahoo.com> | 2017-08-22 18:54:28 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-08-22 18:54:28 -0400 |
commit | 0bbc5dc8bd769691d73ded2b3589c1482746926e (patch) | |
tree | 4c31bfe923cec70a8d4df544d6b5200a3fa067a2 /src/fseccomp | |
parent | testing (diff) | |
seccomp: fix errno
Diffstat (limited to 'src/fseccomp')
-rw-r--r-- | src/fseccomp/syscall.c | 31 |
1 files changed, 25 insertions, 6 deletions
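--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -492,10 +492,15 @@ int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall,
 fprintf(stderr, "Warning fseccomp: syscall \"%s\" not available on this platform\n", ptr);
 }
 else if (callback != NULL) {
-if (error_nr != -1)
+if (error_nr != -1 && fd != 0) {
 filter_add_errno(fd, syscall_nr, error_nr, ptrarg);
-else
+}
+else if (error_nr != -1 && fd == 0) {
+callback(fd, syscall_nr, error_nr, ptrarg);
+}
+else {
 callback(fd, syscall_nr, arg, ptrarg);
+}
 }
 }
 ptr = strtok_r(NULL, ",", &saveptr);
@@ -523,20 +528,34 @@ static void syscall_in_list(int fd, int syscall, int arg, void *ptrarg) {
 sl.syscall = syscall;
 syscall_check_list(ptr->slist, find_syscall, fd, 0, &sl);
 // if found in the problem list, add to post-exec list
-if (sl.found)
+if (sl.found) {
 if (ptr->postlist) {
 if (asprintf(&ptr->postlist, "%s,%s", ptr->postlist, syscall_find_nr(syscall)) == -1)
 errExit("asprintf");
 }
 else
 ptr->postlist = strdup(syscall_find_nr(syscall));
-else // no problem, add to pre-exec list
+}
+else { // no problem, add to pre-exec list
+// build syscall:error_no
+char *newcall;
+if (arg != 0) {
+if (asprintf(&newcall, "%s:%s", syscall_find_nr(syscall), errno_find_nr(arg)) == -1)
+errExit("asprintf");
+}
+else {
+newcall = strdup(syscall_find_nr(syscall));
+if (!newcall)
+errExit("strdup");
+}
+
 if (ptr->prelist) {
-if (asprintf(&ptr->prelist, "%s,%s", ptr->prelist, syscall_find_nr(syscall)) == -1)
+if (asprintf(&ptr->prelist, "%s,%s", ptr->prelist, newcall) == -1)
 errExit("asprintf");
 }
 else
-ptr->prelist = strdup(syscall_find_nr(syscall));
+ptr->prelist = newcall;
+}
 }
 
 // go through list and find matches for syscalls in list @default-keep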
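Review bot: The new `fd == 0` test in syscall_check_list uses descriptor 0 as an in-band marker for "no filter file", yet 0 is a valid descriptor, so a caller that opened its filter file while stdin was closed would have every `syscall:errno` entry routed to `callback` instead of `filter_add_errno`, and whether the seccomp rule is still written then depends on the callback. If the callers outside this hunk can be changed, `-1` is the safer marker; at minimum the convention deserves a comment such as `// fd == 0: no filter file, the callback receives error_nr in place of arg`. In syscall_in_list the string built in `newcall` is not released on the path where `ptr->prelist` already exists, so `free(newcall);` after that `asprintf` would close the leak, and `errno_find_nr(arg)` is passed to `%s` unchecked, which matters if it can return NULL (not visible here). Both functions start and end outside the hunks shown.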