diff options
Diffstat (limited to 'src/fseccomp')
| -rw-r--r-- | src/fseccomp/Makefile.in | 4 | ||||
| -rw-r--r-- | src/fseccomp/fseccomp.h | 1 | ||||
| -rw-r--r-- | src/fseccomp/main.c | 8 | ||||
| -rw-r--r-- | src/fseccomp/seccomp_secondary.c | 2 |
4 files changed, 5 insertions, 10 deletions
diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in index 8623db6f8..b776a73ce 100644 --- a/src/fseccomp/Makefile.in +++ b/src/fseccomp/Makefile.in | |||
| @@ -5,8 +5,8 @@ include ../common.mk | |||
| 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
| 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
| 7 | 7 | ||
| 8 | fseccomp: $(OBJS) ../lib/errno.o ../lib/syscall.o | 8 | fseccomp: $(OBJS) ../lib/common.o ../lib/errno.o ../lib/syscall.o |
| 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS) | 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/errno.o ../lib/syscall.o $(LIBS) $(EXTRA_LDFLAGS) |
| 10 | 10 | ||
| 11 | clean:; rm -fr *.o fseccomp *.gcov *.gcda *.gcno *.plist | 11 | clean:; rm -fr *.o fseccomp *.gcov *.gcda *.gcno *.plist |
| 12 | 12 | ||
diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h index e40999938..e8dd083b6 100644 --- a/src/fseccomp/fseccomp.h +++ b/src/fseccomp/fseccomp.h | |||
| @@ -23,7 +23,6 @@ | |||
| 23 | #include <stdlib.h> | 23 | #include <stdlib.h> |
| 24 | #include <string.h> | 24 | #include <string.h> |
| 25 | #include <assert.h> | 25 | #include <assert.h> |
| 26 | #include <sys/prctl.h> | ||
| 27 | #include "../include/common.h" | 26 | #include "../include/common.h" |
| 28 | #include "../include/syscall.h" | 27 | #include "../include/syscall.h" |
| 29 | 28 | ||
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index f505ca0f3..f47efb5e8 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c | |||
| @@ -20,7 +20,7 @@ | |||
| 20 | #include "fseccomp.h" | 20 | #include "fseccomp.h" |
| 21 | #include "../include/seccomp.h" | 21 | #include "../include/seccomp.h" |
| 22 | int arg_quiet = 0; | 22 | int arg_quiet = 0; |
| 23 | int arg_seccomp_error_action = EPERM; // error action: errno, log or kill | 23 | int arg_seccomp_error_action = SECCOMP_RET_ERRNO | EPERM; // error action: errno, log or kill |
| 24 | 24 | ||
| 25 | static void usage(void) { | 25 | static void usage(void) { |
| 26 | printf("Usage:\n"); | 26 | printf("Usage:\n"); |
| @@ -69,11 +69,7 @@ printf("\n"); | |||
| 69 | return 0; | 69 | return 0; |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | #ifdef WARN_DUMPABLE | 72 | warn_dumpable(); |
| 73 | // check FIREJAIL_PLUGIN in order to not print a warning during make | ||
| 74 | if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN")) | ||
| 75 | fprintf(stderr, "Error fseccomp: I am dumpable\n"); | ||
| 76 | #endif | ||
| 77 | 73 | ||
| 78 | char *quiet = getenv("FIREJAIL_QUIET"); | 74 | char *quiet = getenv("FIREJAIL_QUIET"); |
| 79 | if (quiet && strcmp(quiet, "yes") == 0) | 75 | if (quiet && strcmp(quiet, "yes") == 0) |
diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c index f024859d3..b8e8d0a89 100644 --- a/src/fseccomp/seccomp_secondary.c +++ b/src/fseccomp/seccomp_secondary.c | |||
| @@ -126,7 +126,7 @@ void seccomp_secondary_block(const char *fname) { | |||
| 126 | EXAMINE_SYSCALL, | 126 | EXAMINE_SYSCALL, |
| 127 | #if defined(__x86_64__) | 127 | #if defined(__x86_64__) |
| 128 | // block x32 | 128 | // block x32 |
| 129 | HANDLE_X32_KILL, | 129 | HANDLE_X32, |
| 130 | #endif | 130 | #endif |
| 131 | // block personality(2) where domain != PER_LINUX or 0xffffffff (query current personality) | 131 | // block personality(2) where domain != PER_LINUX or 0xffffffff (query current personality) |
| 132 | // 0: if personality(2), continue to 1, else goto 7 (allow) | 132 | // 0: if personality(2), continue to 1, else goto 7 (allow) |