[OpenWrt-Devel] [PATCH procd v2 3/5] jail, seccomp: remove useless root check
Etienne CHAMPETIER
champetier.etienne at gmail.com
Tue Aug 25 19:00:41 EDT 2015
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Signed-off-by: Etienne CHAMPETIER <champetier.etienne at gmail.com>
---
jail/preload.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/jail/preload.c b/jail/preload.c
index 97ac44d..a1cc0b6 100644
--- a/jail/preload.c
+++ b/jail/preload.c
@@ -27,14 +27,8 @@ static main_t __main__;
static int __preload_main__(int argc, char **argv, char **envp)
{
- uid_t uid = getuid();
char *env_file = getenv("SECCOMP_FILE");
- if (uid) {
- INFO("preload-seccomp: %s: not root, cannot install seccomp filter\n", *argv);
- return -1;
- }
-
if (install_syscall_filter(*argv, env_file))
return -1;
--
1.9.1
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list