1 files changed, 10 insertions, 10 deletions
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c
index 0db7b5954..e808538b0 100644
--- a/src/fseccomp/seccomp.c
+++ b/src/fseccomp/seccomp.c
@@ -255,7 +255,7 @@ void memory_deny_write_execute(const char *fname) {
                EXAMINE_ARGUMENT(2),
                BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE|PROT_EXEC),
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE|PROT_EXEC, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
                RETURN_ALLOW,
 #endif
@@ -264,7 +264,7 @@ void memory_deny_write_execute(const char *fname) {
                EXAMINE_ARGUMENT(2),
                BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
                RETURN_ALLOW,
                // same for pkey_mprotect(,,PROT_EXEC), where available
@@ -273,7 +273,7 @@ void memory_deny_write_execute(const char *fname) {
                EXAMINE_ARGUMENT(2),
                BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
                RETURN_ALLOW,
 #endif
@@ -284,7 +284,7 @@ void memory_deny_write_execute(const char *fname) {
                EXAMINE_ARGUMENT(2),
                BPF_STMT(BPF_ALU+BPF_AND+BPF_K, SHM_EXEC),
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SHM_EXEC, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
                RETURN_ALLOW,
 #endif
 #ifdef SYS_memfd_create
@@ -292,7 +292,7 @@ void memory_deny_write_execute(const char *fname) {
                // arbitrary memory contents which can be later mapped
                // as executable
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_memfd_create, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
                RETURN_ALLOW
 #endif
        };
@@ -327,7 +327,7 @@ void memory_deny_write_execute_32(const char *fname) {
                EXAMINE_ARGUMENT(2),
                BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE|PROT_EXEC),
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE|PROT_EXEC, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
                RETURN_ALLOW,
 #endif
 #ifdef mprotect_32
@@ -336,7 +336,7 @@ void memory_deny_write_execute_32(const char *fname) {
                EXAMINE_ARGUMENT(2),
                BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
                RETURN_ALLOW,
 #endif
 #ifdef pkey_mprotect_32
@@ -345,7 +345,7 @@ void memory_deny_write_execute_32(const char *fname) {
                EXAMINE_ARGUMENT(2),
                BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
                RETURN_ALLOW,
 #endif
@@ -355,7 +355,7 @@ void memory_deny_write_execute_32(const char *fname) {
                EXAMINE_ARGUMENT(2),
                BPF_STMT(BPF_ALU+BPF_AND+BPF_K, SHM_EXEC),
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SHM_EXEC, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
                RETURN_ALLOW,
 #endif
 #ifdef memfd_create_32
@@ -363,7 +363,7 @@ void memory_deny_write_execute_32(const char *fname) {
                // arbitrary memory contents which can be later mapped
                // as executable
                BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, memfd_create_32, 0, 1),
-                KILL_PROCESS,
+                KILL_OR_RETURN_ERRNO,
 #endif
 #endif
                RETURN_ALLOW

diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c index 0db7b5954..e808538b0 100644 --- a/src/fseccomp/seccomp.c +++ b/src/fseccomp/seccomp.c
@@ -255,7 +255,7 @@ void memory_deny_write_execute(const char *fname) {
255	EXAMINE_ARGUMENT(2),	255	EXAMINE_ARGUMENT(2),
256	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE\|PROT_EXEC),	256	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE\|PROT_EXEC),
257	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE\|PROT_EXEC, 0, 1),	257	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE\|PROT_EXEC, 0, 1),
258	KILL_PROCESS,	258	KILL_OR_RETURN_ERRNO,
259	RETURN_ALLOW,	259	RETURN_ALLOW,
260	#endif	260	#endif
261		261
@@ -264,7 +264,7 @@ void memory_deny_write_execute(const char *fname) {
264	EXAMINE_ARGUMENT(2),	264	EXAMINE_ARGUMENT(2),
265	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),	265	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),
266	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),	266	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),
267	KILL_PROCESS,	267	KILL_OR_RETURN_ERRNO,
268	RETURN_ALLOW,	268	RETURN_ALLOW,
269		269
270	// same for pkey_mprotect(,,PROT_EXEC), where available	270	// same for pkey_mprotect(,,PROT_EXEC), where available
@@ -273,7 +273,7 @@ void memory_deny_write_execute(const char *fname) {
273	EXAMINE_ARGUMENT(2),	273	EXAMINE_ARGUMENT(2),
274	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),	274	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),
275	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),	275	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),
276	KILL_PROCESS,	276	KILL_OR_RETURN_ERRNO,
277	RETURN_ALLOW,	277	RETURN_ALLOW,
278	#endif	278	#endif
279		279
@@ -284,7 +284,7 @@ void memory_deny_write_execute(const char *fname) {
284	EXAMINE_ARGUMENT(2),	284	EXAMINE_ARGUMENT(2),
285	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, SHM_EXEC),	285	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, SHM_EXEC),
286	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SHM_EXEC, 0, 1),	286	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SHM_EXEC, 0, 1),
287	KILL_PROCESS,	287	KILL_OR_RETURN_ERRNO,
288	RETURN_ALLOW,	288	RETURN_ALLOW,
289	#endif	289	#endif
290	#ifdef SYS_memfd_create	290	#ifdef SYS_memfd_create
@@ -292,7 +292,7 @@ void memory_deny_write_execute(const char *fname) {
292	// arbitrary memory contents which can be later mapped	292	// arbitrary memory contents which can be later mapped
293	// as executable	293	// as executable
294	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_memfd_create, 0, 1),	294	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_memfd_create, 0, 1),
295	KILL_PROCESS,	295	KILL_OR_RETURN_ERRNO,
296	RETURN_ALLOW	296	RETURN_ALLOW
297	#endif	297	#endif
298	};	298	};
@@ -327,7 +327,7 @@ void memory_deny_write_execute_32(const char *fname) {
327	EXAMINE_ARGUMENT(2),	327	EXAMINE_ARGUMENT(2),
328	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE\|PROT_EXEC),	328	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_WRITE\|PROT_EXEC),
329	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE\|PROT_EXEC, 0, 1),	329	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_WRITE\|PROT_EXEC, 0, 1),
330	KILL_PROCESS,	330	KILL_OR_RETURN_ERRNO,
331	RETURN_ALLOW,	331	RETURN_ALLOW,
332	#endif	332	#endif
333	#ifdef mprotect_32	333	#ifdef mprotect_32
@@ -336,7 +336,7 @@ void memory_deny_write_execute_32(const char *fname) {
336	EXAMINE_ARGUMENT(2),	336	EXAMINE_ARGUMENT(2),
337	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),	337	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),
338	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),	338	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),
339	KILL_PROCESS,	339	KILL_OR_RETURN_ERRNO,
340	RETURN_ALLOW,	340	RETURN_ALLOW,
341	#endif	341	#endif
342	#ifdef pkey_mprotect_32	342	#ifdef pkey_mprotect_32
@@ -345,7 +345,7 @@ void memory_deny_write_execute_32(const char *fname) {
345	EXAMINE_ARGUMENT(2),	345	EXAMINE_ARGUMENT(2),
346	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),	346	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, PROT_EXEC),
347	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),	347	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, PROT_EXEC, 0, 1),
348	KILL_PROCESS,	348	KILL_OR_RETURN_ERRNO,
349	RETURN_ALLOW,	349	RETURN_ALLOW,
350	#endif	350	#endif
351		351
@@ -355,7 +355,7 @@ void memory_deny_write_execute_32(const char *fname) {
355	EXAMINE_ARGUMENT(2),	355	EXAMINE_ARGUMENT(2),
356	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, SHM_EXEC),	356	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, SHM_EXEC),
357	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SHM_EXEC, 0, 1),	357	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SHM_EXEC, 0, 1),
358	KILL_PROCESS,	358	KILL_OR_RETURN_ERRNO,
359	RETURN_ALLOW,	359	RETURN_ALLOW,
360	#endif	360	#endif
361	#ifdef memfd_create_32	361	#ifdef memfd_create_32
@@ -363,7 +363,7 @@ void memory_deny_write_execute_32(const char *fname) {
363	// arbitrary memory contents which can be later mapped	363	// arbitrary memory contents which can be later mapped
364	// as executable	364	// as executable
365	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, memfd_create_32, 0, 1),	365	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, memfd_create_32, 0, 1),
366	KILL_PROCESS,	366	KILL_OR_RETURN_ERRNO,
367	#endif	367	#endif
368	#endif	368	#endif
369	RETURN_ALLOW	369	RETURN_ALLOW