diff options
author | Felipe Sateler <fsateler@debian.org> | 2016-08-31 10:00:35 -0300 |
---|---|---|
committer | Felipe Sateler <fsateler@gmail.com> | 2016-09-06 20:25:49 -0300 |
commit | d347d9029c7ec6b30eaaab93649105d935061b55 (patch) | |
tree | 56eb156c3cc79fb33a6005069e661db255982d06 /src/nspawn/nspawn-seccomp.c | |
parent | 29272d9e03b85deafe30ff79aa291afe7cceb430 (diff) |
seccomp: also detect if seccomp filtering is enabled
In https://github.com/systemd/systemd/pull/4004 , a runtime detection
method for seccomp was added. However, it does not detect the case
where CONFIG_SECCOMP=y but CONFIG_SECCOMP_FILTER=n. This is possible
if the architecture does not support filtering yet.
Add a check for that case too.
While at it, change get_proc_field usage to use PR_GET_SECCOMP prctl,
as that should save a few system calls and (unnecessary) allocations.
Previously, reading of /proc/self/stat was done as recommended by
prctl(2) as safer. However, given that we need to do the prctl call
anyway, lets skip opening, reading and parsing the file.
Code for checking inspired by
https://outflux.net/teach-seccomp/autodetect.html
Diffstat (limited to 'src/nspawn/nspawn-seccomp.c')
0 files changed, 0 insertions, 0 deletions