projects / oweals / procd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 017f3a1) | patch
Do not disable seccomp when configuration is not found
authorMichal Sojka <sojkam1@fel.cvut.cz>
Tue, 12 Sep 2017 11:12:35 +0000 (13:12 +0200)
committerJohn Crispin <john@phrozen.org>
Thu, 28 Sep 2017 06:26:56 +0000 (08:26 +0200)
commitc8faedc1fff6e37fbcf7c6d449888dd1e7bdf9cd
tree5237210fd8512cff754e3f0375ebe0491561f33ftree | snapshot
parent017f3a1f9e128282ecf971d81bd915d0db7f8a31commit | diff
Do not disable seccomp when configuration is not found

Previously, when seccomp configuration file for a service was not
found, the service was started without seccomp. I consider this
potential attack vector.

With this change, procd starts the service as if the configuration
existed but the service fails in libpreload-seccomp.so, because the
configuration cannot be loaded. This is announced in the syslog.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
service/instance.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.