summaryrefslogtreecommitdiffstats
path: root/sandbox-seccomp-filter.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2012-07-06 02:27:10 +0200
committerDamien Miller <djm@mindrot.org>2012-07-06 02:27:10 +0200
commita0433a7096b7f1f5d7332b04fa83660b3208ab1d (patch)
tree67b218ca3a89e6cd749d0130e21907139e80b83e /sandbox-seccomp-filter.c
parent - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for (diff)
downloadopenssh-a0433a7096b7f1f5d7332b04fa83660b3208ab1d.tar.xz
openssh-a0433a7096b7f1f5d7332b04fa83660b3208ab1d.zip
- (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
not available. Allows use of sshd compiled on host with a filter-capable kernel on hosts that lack the support. bz#2011 ok dtucker@
Diffstat (limited to 'sandbox-seccomp-filter.c')
-rw-r--r--sandbox-seccomp-filter.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 686812957..ef2b13c4f 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -179,6 +179,7 @@ void
ssh_sandbox_child(struct ssh_sandbox *box)
{
struct rlimit rl_zero;
+ int nnp_failed = 0;
/* Set rlimits for completeness if possible. */
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
@@ -197,13 +198,18 @@ ssh_sandbox_child(struct ssh_sandbox *box)
#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
- fatal("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
+ debug("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
__func__, strerror(errno));
+ nnp_failed = 1;
+ }
debug3("%s: attaching seccomp filter program", __func__);
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &preauth_program) == -1)
- fatal("%s: prctl(PR_SET_SECCOMP): %s",
+ debug("%s: prctl(PR_SET_SECCOMP): %s",
__func__, strerror(errno));
+ else if (nnp_failed)
+ fatal("%s: SECCOMP_MODE_FILTER activated but "
+ "PR_SET_NO_NEW_PRIVS failed", __func__);
}
void