/*
 * Restrict the calling process: zero two resource limits, request
 * no_new_privs, then attach a seccomp filter chosen by `type`.
 *
 * type: SAND_WORKER selects preauth_prog_work; every other value
 *       selects preauth_prog_ctrl.
 * arg:  not referenced anywhere in this function.
 *
 * Returns 1 on every path that returns.  The only hard failure is a
 * filter that attached although PR_SET_NO_NEW_PRIVS failed; that path
 * ends the process with _exit(EXIT_FAILURE).
 *
 * NOTE(review): setrlimit() and PR_SET_SECCOMP failures are only
 * logged.  A return value of 1 therefore does not prove that a filter
 * is active; the warning log is the only signal that the process is
 * running without one.
 */
int
ksandbox_seccomp_init_child(void *arg, enum sandtype type)
{
	struct rlimit	 no_limit = { .rlim_cur = 0, .rlim_max = 0 };
	int		 have_nnp = 1;

	/* Best-effort hardening: a failed rlimit is logged, not fatal. */
	if (setrlimit(RLIMIT_FSIZE, &no_limit) == -1) {
		XWARN("setrlimit(RLIMIT_FSIZE)");
	}
#if 0
	/*
	 * Unlike OpenSSH, RLIMIT_NOFILE is left alone: data still has
	 * to move back and forth over pipes, and a zero limit would
	 * prevent that.
	 */
	if (setrlimit(RLIMIT_NOFILE, &no_limit) == -1) {
		XWARN("setrlimit(RLIMIT_NOFILE)");
	}
#endif
	if (setrlimit(RLIMIT_NPROC, &no_limit) == -1) {
		XWARN("setrlimit(RLIMIT_NPROC)");
	}

#ifdef SANDBOX_SECCOMP_DEBUG
	/* Debug-build hook; its behaviour is defined outside this block. */
	ssh_sandbox_child_debugging();
#endif

	/* Must precede the filter: remember the outcome for the check below. */
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
		XWARN("prctl(PR_SET_NO_NEW_PRIVS)");
		have_nnp = 0;
	}

	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER,
	    type == SAND_WORKER ?
	    &preauth_prog_work : &preauth_prog_ctrl) == -1) {
		/* No filter attached: logged, and the caller still sees 1. */
		XWARN("prctl(PR_SET_SECCOMP)");
		return(1);
	}

	/*
	 * Per seccomp(2), a filter attaches without no_new_privs only
	 * for a caller holding CAP_SYS_ADMIN, so this state means the
	 * filter is live but the no_new_privs guarantee is missing.
	 * Refuse to continue rather than run half-configured.
	 */
	if (!have_nnp) {
		XWARNX("SECCOMP_MODE_FILTER activated but "
		    "PR_SET_NO_NEW_PRIVS failed");
		_exit(EXIT_FAILURE);
	}

	return(1);
}
/*
 * Restrict the calling process: zero three resource limits, request
 * no_new_privs, then attach the preauth_program seccomp filter.
 *
 * box: not referenced anywhere in this function.
 *
 * Any setrlimit() failure is reported through fatal().  A failed
 * PR_SET_NO_NEW_PRIVS or PR_SET_SECCOMP is only logged with debug(),
 * except for the combination "filter attached, no_new_privs failed",
 * which is reported through fatal().
 *
 * NOTE(review): when PR_SET_SECCOMP fails the function returns
 * normally with only the rlimits in place, and the sole trace is a
 * debug()-level message; confirm that callers and log settings make
 * a missing filter visible where one is expected.
 */
void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	struct rlimit no_limit = { .rlim_cur = 0, .rlim_max = 0 };
	int have_nnp = 1;

	/* The rlimits are mandatory here: each failure goes to fatal(). */
	if (setrlimit(RLIMIT_FSIZE, &no_limit) == -1) {
		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
		    __func__, strerror(errno));
	}
	if (setrlimit(RLIMIT_NOFILE, &no_limit) == -1) {
		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
		    __func__, strerror(errno));
	}
	if (setrlimit(RLIMIT_NPROC, &no_limit) == -1) {
		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
		    __func__, strerror(errno));
	}

#ifdef SANDBOX_SECCOMP_FILTER_DEBUG
	/* Debug-build hook; its behaviour is defined outside this block. */
	ssh_sandbox_child_debugging();
#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */

	/* Must precede the filter: remember the outcome for the check below. */
	debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
		debug("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
		    __func__, strerror(errno));
		have_nnp = 0;
	}

	debug3("%s: attaching seccomp filter program", __func__);
	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER,
	    &preauth_program) == -1) {
		/* No filter attached: logged at debug level, then return. */
		debug("%s: prctl(PR_SET_SECCOMP): %s",
		    __func__, strerror(errno));
		return;
	}

	/*
	 * Per seccomp(2), a filter attaches without no_new_privs only
	 * for a caller holding CAP_SYS_ADMIN, so this state means the
	 * filter is live but the no_new_privs guarantee is missing.
	 */
	if (!have_nnp) {
		fatal("%s: SECCOMP_MODE_FILTER activated but "
		    "PR_SET_NO_NEW_PRIVS failed", __func__);
	}
}