From b10472f92bfe6f4f6c60b70b270df71d1fb95d76 Mon Sep 17 00:00:00 2001 From: Cristian Toader Date: Wed, 21 Aug 2013 19:01:01 +0300 Subject: [PATCH] small open syscall modification (just in case) --- src/common/sandbox.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/common/sandbox.c b/src/common/sandbox.c index a4a93dbfa5..e026c7ce3e 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -126,7 +126,7 @@ static int filter_nopar_gen[] = { SCMP_SYS(recvfrom), SCMP_SYS(sendto), SCMP_SYS(send), - SCMP_SYS(unlink) // ? + SCMP_SYS(unlink) }; static int @@ -264,7 +264,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } // problem: required by getaddrinfo - rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(1), SCMP_SYS(open), 1, + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(-1), SCMP_SYS(open), 1, SCMP_CMP(1, SCMP_CMP_EQ, O_RDONLY|O_CLOEXEC)); if (rc != 0) { log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp "