diff options
| author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-04 22:02:13 +0000 |
|---|---|---|
| committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-04 22:02:13 +0000 |
| commit | 88cfad96ddf1d74218602bbfd3ce82c0472d26af (patch) | |
| tree | 1f465c4b1541cae20815432c9c26f65d569dfdda /sandbox | |
| parent | d5ab61d88b7bc069b1466be698dc962692da7976 (diff) | |
| download | chromium_src-88cfad96ddf1d74218602bbfd3ce82c0472d26af.zip chromium_src-88cfad96ddf1d74218602bbfd3ce82c0472d26af.tar.gz chromium_src-88cfad96ddf1d74218602bbfd3ce82c0472d26af.tar.bz2 | |
Linux Sandbox: EPERM credential changes.
EPERM set*id and similar system calls instead of watching them.
BUG=340399
NOTRY=true
R=jorgelo@chromium.org
Review URL: https://codereview.chromium.org/137803011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@248788 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
| -rw-r--r-- | sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc index d0e53e3..c72b53a 100644 --- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc @@ -70,7 +70,6 @@ bool IsBaselinePolicyWatched(int sysno) { #endif SyscallSets::IsNuma(sysno) || SyscallSets::IsProcessGroupOrSession(sysno) || - SyscallSets::IsProcessPrivilegeChange(sysno) || #if defined(__i386__) SyscallSets::IsSocketCall(sysno) || #endif @@ -137,7 +136,8 @@ ErrorCode EvaluateSyscallImpl(int fs_denied_errno, SandboxBPF* sandbox, if (SyscallSets::IsUmask(sysno) || SyscallSets::IsDeniedFileSystemAccessViaFd(sysno) || - SyscallSets::IsDeniedGetOrModifySocket(sysno)) { + SyscallSets::IsDeniedGetOrModifySocket(sysno) || + SyscallSets::IsProcessPrivilegeChange(sysno)) { return ErrorCode(EPERM); } |