Deny (non-fatal) statx in preauth privsep child.

author Luca Weiss <luca@z3ntu.xyz>

Sun, 8 Nov 2020 13:19:23 +0000 (14:19 +0100)

committer Darren Tucker <dtucker@dtucker.net>

Fri, 5 Feb 2021 02:56:26 +0000 (13:56 +1100)
author Luca Weiss <luca@z3ntu.xyz>
Sun, 8 Nov 2020 13:19:23 +0000 (14:19 +0100)
committer Darren Tucker <dtucker@dtucker.net>
Fri, 5 Feb 2021 02:56:26 +0000 (13:56 +1100)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c

index 5065ae7efc5356aa3d3d707d5e2a07c29cf869a6..d942b5e167afc2f476f651299a59a8def32fed50 100644 (file)
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -181,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
  #ifdef __NR_ipc
         SC_DENY(__NR_ipc, EACCES),
  #endif
+#ifdef __NR_statx
+       SC_DENY(__NR_statx, EACCES),
+#endif
  
         /* Syscalls to permit */
  #ifdef __NR_brk
author	Luca Weiss <luca@z3ntu.xyz>
	Sun, 8 Nov 2020 13:19:23 +0000 (14:19 +0100)
committer	Darren Tucker <dtucker@dtucker.net>
	Fri, 5 Feb 2021 02:56:26 +0000 (13:56 +1100)