niansa/libhss
1
0
Fork 0
mirror of https://gitlab.com/niansa/libhss.git synced 2025-03-06 20:49:21 +01:00
Code Releases Activity

Allow brk() because it is limited by rlimit anyways

Browse source
This commit is contained in:
Nils 2021-07-22 15:11:36 +02:00
parent 6ba8a57087
commit 29ef10e749
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
child_launcher.cpp
View file

@ -42,13 +42,12 @@ void enable_limits(const Limits& limits) {
if (limits.enable_seccomp) {
scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ERRNO(EOPNOTSUPP));
for (const auto sysc : {
SCMP_SYS(mmap), SCMP_SYS(mmap2), SCMP_SYS(munmap),
SCMP_SYS(mmap), SCMP_SYS(mmap2), SCMP_SYS(munmap), SCMP_SYS(brk),
SCMP_SYS(write), SCMP_SYS(read), SCMP_SYS(close),
SCMP_SYS(exit), SCMP_SYS(exit_group)
}) {
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, sysc, 0);
}
seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOMEM), SCMP_SYS(brk), 0);
if (seccomp_load(ctx) < 0) {
throw std::runtime_error("Error setting up seccomp");
}