From dab45ad9360c78569a21e0e596d52586f996a675 Mon Sep 17 00:00:00 2001 From: Victor Hsieh Date: Mon, 15 Jan 2018 11:04:26 -0800 Subject: [PATCH] Do not set PR_SET_NO_NEW_PRIVS when install seccomp filter Setting PR_SET_NO_NEW_PRIVS actually breaks SELinux domain transition (of debuggerd, for example). Do not set the bit when install the filter. Instead, the caller must either have done it, or have CAP_SYS_ADMIN. Test: build Bug: 63944145 Bug: 71859146 Change-Id: I2af334fed61cac03fd0b3b5c8866e2e72b31cf17
---
 libc/seccomp/seccomp_policy.cpp | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/libc/seccomp/seccomp_policy.cpp b/libc/seccomp/seccomp_policy.cpp
index 99a821fc6..fde1a9f82 100644
--- a/libc/seccomp/seccomp_policy.cpp
+++ b/libc/seccomp/seccomp_policy.cpp
@@ -133,11 +133,7 @@ static bool install_filter(filter const& f) {
 static_cast(f.size()),
 const_cast(&f[0]),
 };
-
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
- PLOG(FATAL) << "Could not set to no new privs";
- return false;
- }
+ // This assumes either the current process has CAP_SYS_ADMIN, or PR_SET_NO_NEW_PRIVS bit is set.
 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0) {
 PLOG(FATAL) << "Could not set seccomp filter of size " << f.size();
 return false;
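Review bot: The added comment in install_filter names the precondition but not the failure mode or what callers lose. The kernel rejects PR_SET_SECCOMP with EACCES unless the thread already has no_new_privs set or holds CAP_SYS_ADMIN, so a caller with neither now aborts at the PLOG(FATAL) below, and a caller that relied on this function to set no_new_privs as a side effect can still gain privileges across execve while the filter is inherited. I would spell that out, e.g. `// Precondition: caller holds CAP_SYS_ADMIN or has already set PR_SET_NO_NEW_PRIVS; otherwise the prctl below fails with EACCES.` followed by `// no_new_privs is deliberately left unset so exec-time SELinux domain transitions keep working.` Because install_filter is static, the same contract probably belongs on whichever public entry points reach it (not visible in this hunk), so that callers outside this file see it. install_filter's body starts and ends outside the hunk.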