pa-fazil
/
android_bionic
mirror of https://github.com/fazilsheik96/android_bionic.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge "Do not set PR_SET_NO_NEW_PRIVS when install seccomp filter"

This commit is contained in:
Treehugger Robot 2018-01-16 17:33:31 +00:00 committed by Gerrit Code Review
parent d16b09a4d2 dab45ad936
commit 0d63a3c233
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libc/seccomp/seccomp_policy.cpp
View File

@ -133,11 +133,7 @@ static bool install_filter(filter const& f) {
static_cast<unsigned short>(f.size()),
const_cast<struct sock_filter*>(&f[0]),
};
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
PLOG(FATAL) << "Could not set to no new privs";
return false;
}
// This assumes either the current process has CAP_SYS_ADMIN, or PR_SET_NO_NEW_PRIVS bit is set.
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0) {
PLOG(FATAL) << "Could not set seccomp filter of size " << f.size();
return false;