Verified Commit b951d024 authored by valoq's avatar valoq

clean process shutdown by sandbox

parent 87989da7
Pipeline #445 canceled with stages
......@@ -132,7 +132,10 @@ seccomp_enable_strict_filter(void)
}
/* initialize the filter */
scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL);
/* ENOSYS tells the calling process that the syscall is not implemented,
* allowing for a potential fallback function to execute
* scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ERRNO(ENOSYS));*/
scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL_PROCESS);
if (ctx == NULL){
girara_error("seccomp_init failed");
return -1;
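Review bot: The new comment explains the SCMP_ACT_ERRNO(ENOSYS) alternative but not why SCMP_ACT_KILL became SCMP_ACT_KILL_PROCESS; add one line stating that SCMP_ACT_KILL terminates only the calling thread while SCMP_ACT_KILL_PROCESS terminates the whole process, since that is the "clean process shutdown" the commit message is after and the next reader of this code will otherwise wonder what the change bought. The commented-out line `* scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ERRNO(ENOSYS));*/` keeps dead code inside the comment with the closing `*/` glued to it; a prose mention of the alternative action is enough and will not drift when the live `seccomp_init` call changes again. Minor: `if (ctx == NULL){` wants a space before the brace.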
......
  • SCMP_ACT_KILL_PROCESS will kill the process immediately and return an error indicating a bad syscall as the cause, which provides clear feedback to the user.

    Alternatively scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ERRNO(ENOSYS)); could be used here to avoid a hard failure of the sandbox by future system calls introduced through dependencies, however I have some reservations about this approach as it leaves it up to the dependency how to deal with this 'non implemented' system call.
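As an added example (not part of this commit or of the project's code), the two actions discussed above compared side by side with a raw seccomp-BPF filter instead of libseccomp: a forked child installs a filter that applies the chosen action to getppid() and then calls it, and the parent observes either termination by SIGSYS (the kill-process case) or a normal return with errno set to ENOSYS, which is the point where a fallback could run. Linux only; the filter omits the architecture check a production filter would carry, and the syscall choice is arbitrary.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U /* kernel >= 4.14 */
#endif

/* Minimal filter: allow everything except getppid(), which gets `action`
 * (SECCOMP_RET_KILL_PROCESS, or SECCOMP_RET_ERRNO | ENOSYS). */
static int install_filter(unsigned int action)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, action),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Fork; the child installs the filter and calls the blocked syscall.
 * Returns -signal if the child was killed (e.g. -SIGSYS), otherwise the
 * errno the child saw (0 if the call unexpectedly succeeded), or -1 on error. */
int run_child(unsigned int action)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_filter(action) != 0) _exit(125);
        errno = 0;
        long r = syscall(__NR_getppid);
        _exit(r == -1 ? errno : 0); /* reached only for the ERRNO action */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return -WTERMSIG(status);
    return WEXITSTATUS(status);
}
```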
