-rw-r--r-- | src/firejail/seccomp.c | 6 | ||||
-rw-r--r-- | src/libpostexecseccomp/libpostexecseccomp.c | 4 |
2 files changed, 8 insertions, 2 deletions
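--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -70,9 +70,11 @@ int seccomp_install_filters(void) {
 assert(fl->fname);
 if (arg_debug)
 printf("Installing %s seccomp filter\n", fl->fname);
-
+#ifdef SECCOMP_FILTER_FLAG_LOG
+if (syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_LOG, &fl->prog)) {
+#else
 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fl->prog)) {
-
+#endif
 if (!err_printed)
 fwarning("seccomp disabled, it requires a Linux kernel version 3.5 or newer.\n");
 err_printed = 1;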
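Review bot: The log flag is chosen only at compile time, so in seccomp_install_filters a binary built against headers that define SECCOMP_FILTER_FLAG_LOG always takes the seccomp() path. On a kernel that lacks seccomp(2) or rejects the flag, the call fails and the filter is not installed, where the previous prctl() call would have succeeded. The warning that follows then blames a pre-3.5 kernel, which is misleading for this failure. Retry with prctl(PR_SET_SECCOMP, ...) when the flagged call fails, as sketched below; load_seccomp in libpostexecseccomp.c has the same compile-time-only gate. The function starts and ends outside the hunk, so what happens after the warning is not visible here.

```c
		int rv = -1;
#ifdef SECCOMP_FILTER_FLAG_LOG
		rv = syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_LOG, &fl->prog);
#endif
		// flagged call unavailable or refused: install the same filter without logging
		if (rv)
			rv = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fl->prog);
		if (rv) {
			// … unchanged: fwarning() and err_printed handling …
```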
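--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -55,6 +55,10 @@ static void load_seccomp(void) {
 };
 
 prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+#ifdef SECCOMP_FILTER_FLAG_LOG
+syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_LOG, &prog);
+#else
 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
+#endif
 munmap(filter, size);
 }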
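Review bot: The result of the added syscall() in load_seccomp is discarded, so when the kernel refuses the call the function goes straight to munmap() and the program runs unfiltered with no diagnostic. Capture it, e.g. `int rv = syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_LOG, &prog);`, and handle a non-zero value explicitly. Whether that means aborting or only warning is a policy decision for this library. The neighbouring prctl() calls are unchecked too, but the new path adds a failure mode the old one did not have. load_seccomp begins outside the hunk.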