From 2059c75baa34f0f5952eedea6c25ae42232e89e5 Mon Sep 17 00:00:00 2001
From: Etienne CHAMPETIER
Date: Wed, 26 Aug 2015 23:26:43 +0000
Subject: [PATCH] jail, seccomp: remove useless root check prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN see https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Signed-off-by: Etienne CHAMPETIER
---
 jail/preload.c | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/jail/preload.c b/jail/preload.c
index 97ac44d..a1cc0b6 100644
--- a/jail/preload.c
+++ b/jail/preload.c
@@ -27,14 +27,8 @@ static main_t __main__;
 static int __preload_main__(int argc, char **argv, char **envp)
 {
- uid_t uid = getuid();
 char *env_file = getenv("SECCOMP_FILE");
- if (uid) {
- INFO("preload-seccomp: %s: not root, cannot install seccomp filter\n", *argv);
- return -1;
- }
-
 if (install_syscall_filter(*argv, env_file))
 return -1;
-- 
2.25.1