mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-07-08 04:08:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Explicitly disable Linux capabilities

Browse source
This commit is contained in:
Justine Tunney 2022-07-23 12:06:41 -07:00
parent ffedbfe14d
commit 16fc83f9ce
12 changed files with 269 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tool/net/help.txt
View file

@ -735,7 +735,7 @@ FUNCTIONS
Turns Lua data structure into JSON string.
Since Lua uses tables for both hashmaps and arrays, we use a
Since Lua uses tables are both hashmaps and arrays, we use a
simple fast algorithm for telling the two apart. Tables with
non-zero length (as reported by `#`) are encoded as arrays,
and any non-array elements are ignored. For example:

7
tool/net/redbean.c
View file

@ -7295,6 +7295,13 @@ static void GetOpts(int argc, char *argv[]) {
void RedBean(int argc, char *argv[]) {
if (IsLinux()) {
// disable weird linux capabilities
for (int e = errno, i = 0;; ++i) {
if (prctl(PR_CAPBSET_DROP, i) == -1) {
errno = e;
break;
}
}
// disable sneak privilege since we don't use them
// seccomp will fail later if this fails
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);