sandbox: Use exile_vows_from_str() for seccomp policy
コミット
7ef9d7f020
@ -55,10 +55,7 @@ bool SandboxLinux::enable(std::vector<std::string> fsPaths)
|
|||||||
policy->not_dumpable = 1;
|
policy->not_dumpable = 1;
|
||||||
policy->no_new_privs = 1;
|
policy->no_new_privs = 1;
|
||||||
policy->mount_path_policies_to_chroot = 1;
|
policy->mount_path_policies_to_chroot = 1;
|
||||||
policy->vow_promises = EXILE_SYSCALL_VOW_STDIO | EXILE_SYSCALL_VOW_WPATH | EXILE_SYSCALL_VOW_CPATH |
|
policy->vow_promises = exile_vows_from_str("stdio wpath cpath rpath inet unix thread");
|
||||||
EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_INET | EXILE_SYSCALL_VOW_UNIX |
|
|
||||||
EXILE_SYSCALL_VOW_THREAD;
|
|
||||||
|
|
||||||
if(exile_enable_policy(policy) != 0)
|
if(exile_enable_policy(policy) != 0)
|
||||||
{
|
{
|
||||||
Logger::error() << "Sandbox: Activation of exile failed!";
|
Logger::error() << "Sandbox: Activation of exile failed!";
|
||||||
|
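Review bot: The value returned by `exile_vows_from_str(...)` on the new `policy->vow_promises` line is used unchecked, so a typo in the vow string is no longer caught at compile time the way a misspelled `EXILE_SYSCALL_VOW_*` constant was. If the parser signals an unknown token by returning 0 (worth confirming in exile's header), the policy would presumably be enabled without the intended seccomp restriction while `exile_enable_policy` still succeeds. A guard before the enable call would make this fail closed, e.g. `if(policy->vow_promises == 0) { Logger::error() << "Sandbox: invalid vow string"; return false; }`, assuming `enable()` reports failure with `false` as its `bool` return type suggests. The body of `SandboxLinux::enable` starts and ends outside this hunk.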