version 1.4, 2015/04/30 14:30:53 |
version 1.5, 2015/05/18 11:57:52 |
|
|
|
|
{ SYS_close, SYSTR_POLICY_PERMIT }, |
{ SYS_close, SYSTR_POLICY_PERMIT }, |
{ SYS_exit, SYSTR_POLICY_PERMIT }, |
{ SYS_exit, SYSTR_POLICY_PERMIT }, |
|
{ SYS_fcntl, SYSTR_POLICY_PERMIT }, |
|
{ SYS_fstat, SYSTR_POLICY_PERMIT }, |
{ SYS_getdtablecount, SYSTR_POLICY_PERMIT }, |
{ SYS_getdtablecount, SYSTR_POLICY_PERMIT }, |
{ SYS_getentropy, SYSTR_POLICY_PERMIT }, |
{ SYS_getentropy, SYSTR_POLICY_PERMIT }, |
{ SYS_getpid, SYSTR_POLICY_PERMIT }, |
{ SYS_getpid, SYSTR_POLICY_PERMIT }, |
|
|
sandbox_child(const char *user) |
sandbox_child(const char *user) |
{ |
{ |
struct passwd *pw; |
struct passwd *pw; |
|
|
/* |
|
* If we don't set stream buffering explicitly, stdio calls isatty() |
|
* which means ioctl() - too nasty to let through the systrace policy. |
|
*/ |
|
setvbuf(stdout, NULL, _IOLBF, 0); |
|
setvbuf(stderr, NULL, _IONBF, 0); |
|
|
|
if (geteuid() == 0) { |
if (geteuid() == 0) { |
pw = getpwnam(user); |
pw = getpwnam(user); |
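Review bot: `SYS_fcntl` and `SYS_fstat` are permitted unconditionally in the policy table, and nothing on the new side says why they are needed; each appears in only one column of the table, which I read as the 1.5 side. The comment shown with the two `setvbuf()` calls in `sandbox_child` (apparently removed in this revision) was the only record that stdio's `isatty()` probe is what drives the extra syscalls, so that rationale is lost along with the calls. `SYSTR_POLICY_PERMIT` on `SYS_fcntl` allows every fcntl command on every descriptor the child holds, not only the one stdio issues, so the sandbox is wider than it was with explicit buffering. Assuming stdio is indeed the reason, I would add a comment above the two entries, e.g. `/* fcntl, fstat: issued by stdio when it sets up stdout/stderr buffering (isatty) */`, and keep the `setvbuf()` calls instead if the policy cannot filter fcntl by command. The table and the body of `sandbox_child` both continue outside the visible lines.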