sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc - Issue 493603003: sandbox: Update known syscalls to kernel 3.17

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

Issue 493603003: sandbox: Update known syscalls to kernel 3.17 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: disallow seccomp Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

index 7f4d5590cf86616b006ccc4b04571710deb9c939..1f34c925a79280738a53b4147a0888a73d227b56 100644

--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc

@@ -163,6 +163,9 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,

if (sysno == __NR_prctl)

return sandbox::RestrictPrctl();

+ if (SyscallSets::IsSeccomp(sysno))

+ return Error(EPERM);

jln (very slow on Chromium) 2014/08/22 00:05:17 I know that this function is getting quite messy,

#if defined(__x86_64__) || defined(__arm__) || defined(__mips__)

if (sysno == __NR_socketpair) {

// Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen.