From b2306299d5cba0fdb40c348cfc17d105078104e0 Mon Sep 17 00:00:00 2001 From: Albert S Date: Tue, 28 Dec 2021 13:17:20 +0100 Subject: [PATCH] vow: fix clone filter broken by ca0f8279 --- exile.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/exile.h b/exile.h index 30c24d5..4ab65f1 100644 --- a/exile.h +++ b/exile.h @@ -733,8 +733,8 @@ static int get_vow_argfilter(long syscall, uint64_t vow_promises, struct sock_fi struct sock_filter clone_filter[] = { /* It's the first argument for x86_64 */ EXILE_BPF_LOAD_SECCOMP_ARG(0), - EXILE_BPF_NO_MATCH_SET(CLONE_VM), - EXILE_BPF_NO_MATCH_SET(CLONE_THREAD), + EXILE_BPF_CMP_SET(CLONE_VM, 0, EXILE_SYSCALL_EXIT_BPF_NO_MATCH), + EXILE_BPF_CMP_SET(CLONE_THREAD, 0, EXILE_SYSCALL_EXIT_BPF_NO_MATCH), EXILE_BPF_NO_MATCH_SET(CLONE_NEWCGROUP), EXILE_BPF_NO_MATCH_SET(CLONE_NEWIPC), EXILE_BPF_NO_MATCH_SET(CLONE_NEWNET),