summaryrefslogtreecommitdiffstats
path: root/jail
diff options
context:
space:
mode:
authorEtienne CHAMPETIER <champetier.etienne@gmail.com>2015-08-27 01:26:43 +0200
committerJohn Crispin <blogic@openwrt.org>2015-10-03 08:57:13 +0200
commit2059c75baa34f0f5952eedea6c25ae42232e89e5 (patch)
treebc4ca3927d1b582b795ab7e4e155d4d5aff4c3ef /jail
parent2fbf65b21961c8ea9d31f67d853992ac18dfad42 (diff)
downloadunitd-2059c75baa34f0f5952eedea6c25ae42232e89e5.tar
unitd-2059c75baa34f0f5952eedea6c25ae42232e89e5.zip
jail, seccomp: remove useless root check
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN see https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Diffstat (limited to 'jail')
-rw-r--r--jail/preload.c6
1 files changed, 0 insertions, 6 deletions
diff --git a/jail/preload.c b/jail/preload.c
index 97ac44d..a1cc0b6 100644
--- a/jail/preload.c
+++ b/jail/preload.c
@@ -27,14 +27,8 @@ static main_t __main__;
static int __preload_main__(int argc, char **argv, char **envp)
{
- uid_t uid = getuid();
char *env_file = getenv("SECCOMP_FILE");
- if (uid) {
- INFO("preload-seccomp: %s: not root, cannot install seccomp filter\n", *argv);
- return -1;
- }
-
if (install_syscall_filter(*argv, env_file))
return -1;