Attachment #546906 for bug #665698

View | Details | Raw Unified | Return to bug 665698
Collapse All | Expand All




allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
{
  if (use_openat) {
    int ret;
    ret = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
                             SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD),
                             SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
    if (ret != 0) {
      return ret;
    }

    ret = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
                             SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
                             SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
    return ret;
  } else {
    return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
                              SCMP_CMP_STR(0, SCMP_CMP_EQ, file));

Return to bug 665698

Lines 454-462 static int Link Here

(-)a/src/common/sandbox.c (-3 / +12 lines)
454	allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)	454	allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
455	{	455	{
456	if (use_openat) {	456	if (use_openat) {
457	return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),	457	int ret;
458	SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD),	458	ret = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
459	SCMP_CMP_STR(1, SCMP_CMP_EQ, file));	459	SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD),
		460	SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
		461	if (ret != 0) {
		462	return ret;
		463	}
		464
		465	ret = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
		466	SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
		467	SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
		468	return ret;
460	} else {	469	} else {
461	return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),	470	return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
462	SCMP_CMP_STR(0, SCMP_CMP_EQ, file));	471	SCMP_CMP_STR(0, SCMP_CMP_EQ, file));