diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-02-11 18:11:04 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-02-11 18:11:04 -0500 |
| commit | b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d (patch) | |
| tree | 187092367c795a02922e2c953fb399464b624aa7 /src/common | |
| parent | 8939eaf479bc123e774421c9de6dfc3c864e0326 (diff) | |
| parent | 84c13336c410ac218c70d6ce2ce6216f9b24e796 (diff) | |
| download | tor-b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d.tar.gz tor-b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d.zip | |
Merge branch 'maint-0.2.9' into maint-0.3.1
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/sandbox.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 2a343aac57..1b73f31265 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -1118,6 +1118,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif +static int +sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + (void) filter; +#ifdef __NR_kill + /* Allow killing anything with signal 0 -- it isn't really a kill. */ + return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill), + SCMP_CMP(1, SCMP_CMP_EQ, 0)); +#else + return 0; +#endif +} + /** * Array of function pointers responsible for filtering different syscalls at * a parameter level. @@ -1156,7 +1169,8 @@ static sandbox_filter_func_t filter_func[] = { sb_socket, sb_setsockopt, sb_getsockopt, - sb_socketpair + sb_socketpair, + sb_kill }; const char * |