rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

enforce PR_SET_NO_NEW_PRIVS in the logger process 

otherwise landlock will refuse to enable itself and the logger process
dies.
This commit is contained in:
Omar Polo 2021-10-02 17:20:10 +00:00
parent 0c66b6ad55
commit f7ee799023
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sandbox.c
View File

@ -588,6 +588,10 @@ sandbox_logger_process(void)
* sytsem access.
*/
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
fatal("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
__func__, strerror(errno));
#if HAVE_LANDLOCK
if (logger_landlock() == -1)
fatal("%s: logger_landlock: %s",