parent
42c5774e78
commit
a3dc1e65ab
|
@ -2317,6 +2317,10 @@ void setupSeccomp()
|
||||||
seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0)
|
seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0)
|
||||||
throw SysError("unable to add 32-bit seccomp architecture");
|
throw SysError("unable to add 32-bit seccomp architecture");
|
||||||
|
|
||||||
|
if (settings.thisSystem == "x86_64-linux" &&
|
||||||
|
seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
|
||||||
|
throw SysError("unable to add X32 seccomp architecture");
|
||||||
|
|
||||||
/* Prevent builders from creating setuid/setgid binaries. */
|
/* Prevent builders from creating setuid/setgid binaries. */
|
||||||
for (int perm : { S_ISUID, S_ISGID }) {
|
for (int perm : { S_ISUID, S_ISGID }) {
|
||||||
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,
|
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,
|
||||||
|
|
Loading…
Reference in a new issue