mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Make use of the new AllowPrctlSetName convenience function.
PiperOrigin-RevId: 436727461 Change-Id: Iab1945c422b8db98a220cdeacdec7c9868ea9e84
This commit is contained in:
parent
babe23261f
commit
44cd37c94e
|
@ -18,6 +18,7 @@
|
|||
// It inverts all bytes coming from stdin and writes them to the stdout.
|
||||
|
||||
#include <signal.h>
|
||||
#include <sys/prctl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <cctype>
|
||||
|
@ -28,6 +29,8 @@ int main(int argc, char** argv) {
|
|||
char buf[1024];
|
||||
size_t total_bytes = 0U;
|
||||
|
||||
prctl(PR_SET_NAME, "static_bin");
|
||||
|
||||
fprintf(stderr, "=============================\n");
|
||||
fprintf(stderr, "Starting file capitalization\n");
|
||||
fprintf(stderr, "=============================\n");
|
||||
|
|
|
@ -69,6 +69,10 @@ std::unique_ptr<sandbox2::Policy> GetPolicy() {
|
|||
// write() calls with fd not in (1, 2) will continue evaluating the
|
||||
// policy. This means that other rules might still allow them.
|
||||
|
||||
// Allow the Sandboxee to set the name for better recognition in the
|
||||
// process listing.
|
||||
.AllowPrctlSetName()
|
||||
|
||||
// Allow the dynamic loader to mark pages to never allow read-write-exec.
|
||||
.AddPolicyOnSyscall(__NR_mprotect,
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue
Block a user