author | Etienne CHAMPETIER <champetier.etienne@gmail.com> | 2015-08-27 01:26:43 +0200 |
---|---|---|
committer | John Crispin <blogic@openwrt.org> | 2015-10-03 08:57:13 +0200 |
commit | 2059c75baa34f0f5952eedea6c25ae42232e89e5 (patch) | |
tree | bc4ca3927d1b582b795ab7e4e155d4d5aff4c3ef /jail | |
parent | 2fbf65b21961c8ea9d31f67d853992ac18dfad42 (diff) | |
download | unitd-2059c75baa34f0f5952eedea6c25ae42232e89e5.tar unitd-2059c75baa34f0f5952eedea6c25ae42232e89e5.zip |
jail, seccomp: remove useless root check
Setting prctl(PR_SET_NO_NEW_PRIVS, 1) is enough to install a seccomp filter; CAP_SYS_ADMIN is not required
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Diffstat (limited to 'jail')
-rw-r--r-- | jail/preload.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/jail/preload.c b/jail/preload.c
index 97ac44d..a1cc0b6 100644
--- a/jail/preload.c
+++ b/jail/preload.c
@@ -27,14 +27,8 @@ static main_t __main__;
 
 static int __preload_main__(int argc, char **argv, char **envp)
 {
-	uid_t uid = getuid();
 	char *env_file = getenv("SECCOMP_FILE");
 
-	if (uid) {
-		INFO("preload-seccomp: %s: not root, cannot install seccomp filter\n", *argv);
-		return -1;
-	}
-
 	if (install_syscall_filter(*argv, env_file))
 		return -1;
 