mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Fix BlockSyscallsWithErrno
PiperOrigin-RevId: 429982218 Change-Id: I42b187e678542b295542ca44882945c7695178e1
This commit is contained in:
parent
e9c041f0c2
commit
a2daa0a275
|
@ -75,6 +75,7 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
|
|||
.AllowWrite()
|
||||
.AllowMmap()
|
||||
.AllowStat()
|
||||
.AllowOpen()
|
||||
.AllowSyscalls({
|
||||
__NR_dup,
|
||||
__NR_futex,
|
||||
|
@ -88,10 +89,6 @@ std::unique_ptr<Policy> BufferTestcasePolicy() {
|
|||
})
|
||||
.BlockSyscallsWithErrno(
|
||||
{
|
||||
#ifdef __NR_open
|
||||
__NR_open,
|
||||
#endif
|
||||
__NR_openat,
|
||||
#ifdef __NR_access
|
||||
// On Debian, even static binaries check existence of
|
||||
// /etc/ld.so.nohwcap.
|
||||
|
|
|
@ -91,7 +91,7 @@ PolicyBuilder& PolicyBuilder::AllowSyscalls(absl::Span<const uint32_t> nums) {
|
|||
PolicyBuilder& PolicyBuilder::BlockSyscallsWithErrno(
|
||||
absl::Span<const uint32_t> nums, int error) {
|
||||
for (auto num : nums) {
|
||||
AllowSyscall(num);
|
||||
BlockSyscallWithErrno(num, error);
|
||||
}
|
||||
return *this;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user