diff options
author | netblue30 <netblue30@yahoo.com> | 2018-09-05 11:17:07 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-09-05 11:17:07 -0400 |
commit | d7e5a6ac35af9b1d48231c9797f229ea0afcea5a (patch) | |
tree | 36954d87369331bf971ef434ce3e44c3ec07b18b /src | |
parent | improve safe_fd() function for better readability and auditability (diff) | |
download | firejail-d7e5a6ac35af9b1d48231c9797f229ea0afcea5a.tar.gz firejail-d7e5a6ac35af9b1d48231c9797f229ea0afcea5a.tar.zst firejail-d7e5a6ac35af9b1d48231c9797f229ea0afcea5a.zip |
cleanup
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sbox.c | 1 | ||||
-rw-r--r-- | src/libpostexecseccomp/libpostexecseccomp.c | 4 |
2 files changed, 4 insertions, 1 deletions
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 1c6f3c327..10c96225a 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
@@ -139,6 +139,7 @@ int sbox_run(unsigned filter, int num, ...) { | |||
139 | exit(1); | 139 | exit(1); |
140 | } | 140 | } |
141 | dup2(fd,STDIN_FILENO); | 141 | dup2(fd,STDIN_FILENO); |
142 | close(fd); | ||
142 | } | 143 | } |
143 | else if ((filter & SBOX_ALLOW_STDIN) == 0) { | 144 | else if ((filter & SBOX_ALLOW_STDIN) == 0) { |
144 | int fd = open("/dev/null",O_RDWR, 0); | 145 | int fd = open("/dev/null",O_RDWR, 0); |
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c index de64d50c5..856adb8fe 100644 --- a/src/libpostexecseccomp/libpostexecseccomp.c +++ b/src/libpostexecseccomp/libpostexecseccomp.c | |||
@@ -32,8 +32,10 @@ static void load_seccomp(void) { | |||
32 | return; | 32 | return; |
33 | 33 | ||
34 | off_t size = lseek(fd, 0, SEEK_END); | 34 | off_t size = lseek(fd, 0, SEEK_END); |
35 | if (size <= 0) | 35 | if (size <= 0) { |
36 | close(fd); | ||
36 | return; | 37 | return; |
38 | } | ||
37 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); | 39 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); |
38 | struct sock_filter *filter = MAP_FAILED; | 40 | struct sock_filter *filter = MAP_FAILED; |
39 | if (size != 0) | 41 | if (size != 0) |