From 4861cca38fcb73bae53f85ff8369c6acd535460e Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 27 Aug 2017 08:04:35 -0400
Subject: cleanup
---
 src/fseccomp/seccomp.c | 32 ++------------------------------
 1 file changed, 2 insertions(+), 30 deletions(-)
(limited to 'src/fseccomp')
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c
index 7ae74c340..8abc249ec 100644
--- a/src/fseccomp/seccomp.c
+++ b/src/fseccomp/seccomp.c
@@ -164,6 +164,8 @@ void seccomp_default_drop(const char *fname1, const char *fname2, char *list, in
 }
 void seccomp_keep(const char *fname1, const char *fname2, char *list) {
+ (void) fname2;
+
 // open file for pre-exec filter
 int fd = open(fname1, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 if (fd < 0) {
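Review bot: `(void) fname2;` silences the unused-parameter warning but leaves no record of why seccomp_keep ignores its second file name; the only explanation ("We don't need the postexec filter in this case anyway") was in the `#if 0` block that the second hunk deletes. I would add a comment above the cast, for example `// fname2 is intentionally unused: no post-exec filter is written for a keep (whitelist) list`. Because the signature still accepts fname2, a caller could plausibly expect that file to exist afterwards, so it is worth confirming that nothing later loads fname2 in the keep case, where it would be missing or left over from an earlier run. The body of seccomp_keep continues outside this hunk.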
@@ -187,36 +189,6 @@ void seccomp_keep(const char *fname1, const char *fname2, char *list) {
 // close file
 close(fd);
-
-#if 0
-// There is something very wrong here with the file descriptors, "ls -l /proc/self/fd" will show no file
-// after running this code. We don't need the postexec filter in this case anyway.
-printf("@@seccomp_keep start %s %s %s\n", fname1, fname2, list);
-system("ls -l /proc/self/fd");
-printf("@@seccomp_keep start %s %s %s\n", fname1, fname2, list);
- // open file for post-exec filter
- fd = open(fname2, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- if (fd < 0) {
- fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname2);
- exit(1);
- }
-
- // build post-exec filter: whitelist without @default-keep
- filter_init(fd);
-
- if (syscall_check_list(list, filter_add_whitelist, fd, 0, NULL)) {
- fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n");
- exit(1);
- }
-
- filter_end_whitelist(fd);
-
- // close file
- close(fd);
-printf("@@seccomp_keep end %s %s %s\n", fname1, fname2, list);
-system("ls -l /proc/self/fd");
-printf("@@seccomp_keep end %s %s %s\n", fname1, fname2, list);
-#endif
 }
 void memory_deny_write_execute(const char *fname) {
--
cgit v1.2.3-54-g00ecf