| version 1.4, 2015/04/30 14:30:53 |
version 1.5, 2015/05/18 11:57:52 |
|
|
| |
|
| { SYS_close, SYSTR_POLICY_PERMIT }, |
{ SYS_close, SYSTR_POLICY_PERMIT }, |
| { SYS_exit, SYSTR_POLICY_PERMIT }, |
{ SYS_exit, SYSTR_POLICY_PERMIT }, |
| |
{ SYS_fcntl, SYSTR_POLICY_PERMIT }, |
| |
{ SYS_fstat, SYSTR_POLICY_PERMIT }, |
| { SYS_getdtablecount, SYSTR_POLICY_PERMIT }, |
{ SYS_getdtablecount, SYSTR_POLICY_PERMIT }, |
| { SYS_getentropy, SYSTR_POLICY_PERMIT }, |
{ SYS_getentropy, SYSTR_POLICY_PERMIT }, |
| { SYS_getpid, SYSTR_POLICY_PERMIT }, |
{ SYS_getpid, SYSTR_POLICY_PERMIT }, |
|
|
| sandbox_child(const char *user) |
sandbox_child(const char *user) |
| { |
{ |
| struct passwd *pw; |
struct passwd *pw; |
| |
|
| /* |
|
| * If we don't set stream buffering explicitly, stdio calls isatty() |
|
| * which means ioctl() - too nasty to let through the systrace policy. |
|
| */ |
|
| setvbuf(stdout, NULL, _IOLBF, 0); |
|
| setvbuf(stderr, NULL, _IONBF, 0); |
|
| |
|
| if (geteuid() == 0) { |
if (geteuid() == 0) { |
| pw = getpwnam(user); |
pw = getpwnam(user); |
![[BACK]](/icons/back.gif){kind=icon}
Return to sandbox.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / file