diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-08-20 10:20:32 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-08-20 10:20:32 -0400 |
| commit | af582c79f9115daa4f0d6570eb33a5512d05492a (patch) | |
| tree | bfa72487e5aa68dd8facd060500c5ab8eef71f47 /src | |
| parent | starting LTS branch (diff) | |
| download | firejail-af582c79f9115daa4f0d6570eb33a5512d05492a.tar.gz firejail-af582c79f9115daa4f0d6570eb33a5512d05492a.tar.zst firejail-af582c79f9115daa4f0d6570eb33a5512d05492a.zip | |
disable x32 ABI
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/seccomp.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index 7a015963b..0826822bd 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c | |||
| @@ -101,10 +101,22 @@ static void filter_init(void) { | |||
| 101 | sfilter_alloc_size = SECSIZE; | 101 | sfilter_alloc_size = SECSIZE; |
| 102 | 102 | ||
| 103 | // copy the start entries | 103 | // copy the start entries |
| 104 | #if defined(__x86_64__) | ||
| 105 | #define X32_SYSCALL_BIT 0x40000000 | ||
| 106 | struct sock_filter filter[] = { | ||
| 107 | VALIDATE_ARCHITECTURE, | ||
| 108 | EXAMINE_SYSCALL, | ||
| 109 | // handle X32 ABI | ||
| 110 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, X32_SYSCALL_BIT, 1, 0), | ||
| 111 | BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, 0, 1, 0), | ||
| 112 | RETURN_ERRNO(EPERM) | ||
| 113 | }; | ||
| 114 | #else | ||
| 104 | struct sock_filter filter[] = { | 115 | struct sock_filter filter[] = { |
| 105 | VALIDATE_ARCHITECTURE, | 116 | VALIDATE_ARCHITECTURE, |
| 106 | EXAMINE_SYSCALL | 117 | EXAMINE_SYSCALL |
| 107 | }; | 118 | }; |
| 119 | #endif | ||
| 108 | sfilter_index = sizeof(filter) / sizeof(struct sock_filter); | 120 | sfilter_index = sizeof(filter) / sizeof(struct sock_filter); |
| 109 | memcpy(sfilter, filter, sizeof(filter)); | 121 | memcpy(sfilter, filter, sizeof(filter)); |
| 110 | } | 122 | } |