author | netblue30 <netblue30@yahoo.com> | 2016-12-01 20:55:01 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-12-01 20:55:01 -0500 |
commit | 89a0adc3cd1677f7b8cb129649fda8165c47f6d9 (patch) | |
tree | 69c80f90ab5e5d3b2689b6e84261bde383c84658 /src | |
parent | cleanup (diff) | |
testing
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/seccomp.c | 9 |
1 files changed, 2 insertions, 7 deletions
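--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -195,10 +195,8 @@ int seccomp_filter_keep(void) {
 printf("Build drop seccomp filter\n");
 
 // build the seccomp filter as a regular user
-int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 4,
+sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 4,
 PATH_FSECCOMP, "keep", RUN_SECCOMP_CFG, cfg.seccomp_list_keep);
-if (rv)
-exit(rv);
 if (arg_debug)
 printf("seccomp filter configured\n");
 
@@ -246,10 +244,7 @@ void seccomp_print_filter(pid_t pid) {
 }
 
 // read and print the filter - run this as root, the user doesn't have access
-int rv = sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3,
-PATH_FSECCOMP, "print", fname);
-if (rv)
-exit(rv);
+sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FSECCOMP, "print", fname);
 free(fname);
 
 exit(0);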
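Review bot: In seccomp_filter_keep the result of the `sbox_run(..., PATH_FSECCOMP, "keep", ...)` call is now discarded, so a failure to build the whitelist filter no longer stops startup and "seccomp filter configured" is printed either way. Unless sbox_run itself terminates the process when the helper exits non-zero (its body is not visible on this page), the sandbox setup may continue with a missing or stale RUN_SECCOMP_CFG, which would be a fail-open for a security control. I would keep `if (rv) exit(rv);` after the call, or, if sbox_run already handles the failure, say so at the call site with a comment such as `// sbox_run() exits on helper failure; no return check needed`. The same unchecked call appears in seccomp_print_filter, where the visible effect is only that `exit(0)` reports success after a failed print. Both function bodies start and end outside the hunks shown.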