sandbox: Use exile_vows_from_str() for seccomp policy

Albert S. 2022-10-23 21:36:54 +02:00
parent d3bd5f79cc
commit 7ef9d7f020


@ -55,10 +55,7 @@ bool SandboxLinux::enable(std::vector<std::string> fsPaths)
policy->not_dumpable = 1; policy->not_dumpable = 1;
policy->no_new_privs = 1; policy->no_new_privs = 1;
policy->mount_path_policies_to_chroot = 1; policy->mount_path_policies_to_chroot = 1;
policy->vow_promises = EXILE_SYSCALL_VOW_STDIO | EXILE_SYSCALL_VOW_WPATH | EXILE_SYSCALL_VOW_CPATH | policy->vow_promises = exile_vows_from_str("stdio wpath cpath rpath inet unix thread");
EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_INET | EXILE_SYSCALL_VOW_UNIX |
EXILE_SYSCALL_VOW_THREAD;
if(exile_enable_policy(policy) != 0) if(exile_enable_policy(policy) != 0)
{ {
Logger::error() << "Sandbox: Activation of exile failed!"; Logger::error() << "Sandbox: Activation of exile failed!";
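Review bot: The promise set assigned to `policy->vow_promises` is now parsed from a string at run time and used unchecked, so a misspelled promise name no longer fails the build the way a wrong `EXILE_SYSCALL_VOW_*` constant did. How `exile_vows_from_str()` reports an unknown token is not visible in this hunk; if it yields 0 or a partial mask, `exile_enable_policy(policy)` would install a seccomp policy that differs from the intended one without any log line. I would validate the value before enabling, for example `if(policy->vow_promises == 0) { Logger::error() << "Sandbox: Parsing of vow promises failed!"; }` followed by the same failure handling as the existing error branch, and add a comment such as `// promise names are only validated at run time; keep in sync with what this process needs`. The body of `SandboxLinux::enable` starts and ends outside the hunk, so the exact failure return is not shown here.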