bpf: Use SECCOMP_RET_KILL_PROCESS instead SECCOMP_RET_KILL

We generally want to kill the process not the thread.
This commit is contained in:
Albert S. 2021-08-12 11:40:29 +02:00
parent fa06287b13
commit 5cd45c09b7

4
qssb.h
View File

@ -677,7 +677,7 @@ static int seccomp_enable(int *syscalls, size_t n, unsigned int per_syscall, uns
*/ */
static int seccomp_enable_blacklist(int *syscalls, size_t n) static int seccomp_enable_blacklist(int *syscalls, size_t n)
{ {
return seccomp_enable(syscalls, n, SECCOMP_RET_KILL, SECCOMP_RET_ALLOW); return seccomp_enable(syscalls, n, SECCOMP_RET_KILL_PROCESS, SECCOMP_RET_ALLOW);
} }
/* /*
@ -687,7 +687,7 @@ static int seccomp_enable_blacklist(int *syscalls, size_t n)
*/ */
static int seccomp_enable_whitelist(int *syscalls, size_t n) static int seccomp_enable_whitelist(int *syscalls, size_t n)
{ {
return seccomp_enable(syscalls, n, SECCOMP_RET_ALLOW, SECCOMP_RET_KILL); return seccomp_enable(syscalls, n, SECCOMP_RET_ALLOW, SECCOMP_RET_KILL_PROCESS);
} }
#if HAVE_LANDLOCK == 1 #if HAVE_LANDLOCK == 1