samples/seccomp: Enable PR_SET_NO_NEW_PRIVS in dropper

Either CAP_SYS_ADMIN or PR_SET_NO_NEW_PRIVS is required to enable seccomp. This allows samples/seccomp/dropper to be run without CAP_SYS_ADMIN. Signed-off-by: Ricky Zhou <rickyz@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org>

samples/seccomp: Enable PR_SET_NO_NEW_PRIVS in dropper
Either CAP_SYS_ADMIN or PR_SET_NO_NEW_PRIVS is required to enable seccomp. This allows samples/seccomp/dropper to be run without CAP_SYS_ADMIN. Signed-off-by: Ricky Zhou <rickyz@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org>
1ff12050 · Ricky Zhou · Kees Cook · 0af04ba5 · 1ff12050
Commit 1ff12050 authored Oct 13, 2016 by Ricky Zhou Committed by Kees Cook Nov 01, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

samples/seccomp/dropper.c samples/seccomp/dropper.c +5 -2

No files found.
--- a/samples/seccomp/dropper.c
+++ b/samples/seccomp/dropper.c
@@ -11,7 +11,6 @@
 * When run, returns the specified errno for the specified
 * system call number against the given architecture.
 *
- * Run this one as root as PR_SET_NO_NEW_PRIVS is not called.
 */

 #include <errno.h>
@@ -42,8 +41,12 @@ static int install_filter(int nr, int arch, int error)
 		.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
 		.filter = filter,
 	};
+	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
+		perror("prctl(NO_NEW_PRIVS)");
+		return 1;
+	}
 	if (prctl(PR_SET_SECCOMP, 2, &prog)) {
-		perror("prctl");
+		perror("prctl(PR_SET_SECCOMP)");
 		return 1;
 	}
 	return 0;