sandbox: sandbox-linux: Adapt to newest exile.h
This commit is contained in:
@@ -44,7 +44,7 @@ bool SandboxLinux::enable(std::vector<std::string> fsPaths)
|
|||||||
struct exile_policy *policy = exile_init_policy();
|
struct exile_policy *policy = exile_init_policy();
|
||||||
if(policy == NULL)
|
if(policy == NULL)
|
||||||
{
|
{
|
||||||
Logger::error() << "Failed to init sandboxing policy (worker) ";
|
Logger::error() << "Failed to init sandboxing policy";
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
for(unsigned int i = 0; i < fsPaths.size(); i++)
|
for(unsigned int i = 0; i < fsPaths.size(); i++)
|
||||||
@@ -55,10 +55,8 @@ bool SandboxLinux::enable(std::vector<std::string> fsPaths)
|
|||||||
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, path.c_str());
|
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, path.c_str());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
policy->drop_caps = 1;
|
|
||||||
policy->not_dumpable = 1;
|
policy->not_dumpable = 1;
|
||||||
policy->no_new_privs = 1;
|
policy->no_new_privs = 1;
|
||||||
policy->mount_path_policies_to_chroot = 1;
|
|
||||||
policy->vow_promises = exile_vows_from_str("stdio wpath cpath rpath inet unix thread");
|
policy->vow_promises = exile_vows_from_str("stdio wpath cpath rpath inet unix thread");
|
||||||
if(exile_enable_policy(policy) != 0)
|
if(exile_enable_policy(policy) != 0)
|
||||||
{
|
{
|
||||||
|
|||||||
Referens i nytt ärende
Block a user