crtxcr
/
qswiki
1
0
Fork 0
程式碼 問題 21 合併請求 1 版本發布 動態

sandbox: Use exile_vows_from_str() for seccomp policy

This commit is contained in:
Albert S. 2022-10-23 21:36:54 +02:00
父節點 d3bd5f79cc
當前提交 7ef9d7f020
共有 1 個檔案被更改,包括 1 行新增4 行删除
顯示統計資料 下載 Patch 檔 下載差異檔 展開所有檔案 折疊所有檔案

5
sandbox/sandbox-linux.cpp
查看文件

@ -55,10 +55,7 @@ bool SandboxLinux::enable(std::vector<std::string> fsPaths)
policy->not_dumpable = 1;
policy->no_new_privs = 1;
policy->mount_path_policies_to_chroot = 1;
policy->vow_promises = EXILE_SYSCALL_VOW_STDIO | EXILE_SYSCALL_VOW_WPATH | EXILE_SYSCALL_VOW_CPATH |
EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_INET | EXILE_SYSCALL_VOW_UNIX |
EXILE_SYSCALL_VOW_THREAD;
policy->vow_promises = exile_vows_from_str("stdio wpath cpath rpath inet unix thread");
if(exile_enable_policy(policy) != 0)
{
Logger::error() << "Sandbox: Activation of exile failed!";