| Index: sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
| diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
| index 05cef744720f95d33e3cad8da7a40117dde53688..913d4f691b8e5a290ffacef9ba48d198c6ac265a 100644
|
| --- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
| +++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
| @@ -150,6 +150,9 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
|
| if (sysno == __NR_futex)
|
| return RestrictFutex();
|
|
|
| + if (sysno == __NR_getpriority || sysno ==__NR_setpriority)
|
| + return RestrictGetSetpriority(current_pid);
|
| +
|
| if (sysno == __NR_madvise) {
|
| // Only allow MADV_DONTNEED (aka MADV_FREE).
|
| const Arg<int> advice(2);
|
| @@ -171,7 +174,7 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
|
| return RestrictMprotectFlags();
|
|
|
| if (sysno == __NR_prctl)
|
| - return sandbox::RestrictPrctl();
|
| + return RestrictPrctl();
|
|
|
| #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
|
| defined(__aarch64__)
|
|
|
Chromium Code Reviews
Issue 430363003:
Linux sandbox: restrict setpriority() in baseline policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src