GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

seccomp will make the forbidden system calls to return an error.

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2014-02-02 09:45:34 +01:00
parent cfc10eec81
commit eb5f78c748
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -10,6 +10,8 @@
- Added support for multiple DNS and NBNS servers in ocserv.conf.
The 'local' keyword is no longer supported.
- Added the new config options split-dns and custom-header.
- When seccomp is being used the forbidden system calls will
return error instead of the process being killed.
- occtl: fixed gathering of interface statistics.

2
src/worker-privs.c
View File

@@ -31,7 +31,7 @@ int disable_system_calls(struct worker_st *ws)
int ret;
scmp_filter_ctx ctx;
ctx = seccomp_init(SCMP_ACT_KILL);
ctx = seccomp_init(SCMP_ACT_ERRNO(EPERM));
if (ctx == NULL) {
oclog(ws, LOG_DEBUG, "could not initialize seccomp");
return -1;