core: prefer SCMP_ACT_KILL_PROCESS for SystemCallFilter= behaviour

If we have it, use it. It makes a ton more sense.

Fixes: #11967
Lennart Poettering 2019-04-29 12:03:58 +02:00
parent 915fb32438
commit ccc16c7842


@ -1439,7 +1439,7 @@ static int apply_syscall_filter(const Unit* u, const ExecContext *c, bool needs_
if (skip_seccomp_unavailable(u, "SystemCallFilter="))
return 0;
negative_action = c->syscall_errno == 0 ? SCMP_ACT_KILL : SCMP_ACT_ERRNO(c->syscall_errno);
negative_action = c->syscall_errno == 0 ? scmp_act_kill_process() : SCMP_ACT_ERRNO(c->syscall_errno);
if (c->syscall_whitelist) {
default_action = negative_action;
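Review bot: The new `negative_action` assignment calls `scmp_act_kill_process()` without any comment saying that the resulting action depends on runtime support, so a reader cannot tell at this site whether a filtered syscall terminates the whole process or only the calling thread. The helper is defined outside this hunk; presumably it falls back to `SCMP_ACT_KILL` when process-wide kill is unavailable, in which case the other threads of a multi-threaded service keep running after a violation. I would add `/* Kills the whole process where supported; otherwise falls back to killing only the offending thread */` above the assignment, once the fallback is confirmed against the helper. The SystemCallFilter= documentation should describe the same dependency. The body of apply_syscall_filter starts and ends outside the hunk.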