Explicitly disable Linux capabilities

Justine Tunney 2022-07-23 12:06:41 -07:00
parent ffedbfe14d
commit 16fc83f9ce
12 changed files with 269 additions and 20 deletions


@ -7295,6 +7295,13 @@ static void GetOpts(int argc, char *argv[]) {
void RedBean(int argc, char *argv[]) {
if (IsLinux()) {
// disable weird linux capabilities
for (int e = errno, i = 0;; ++i) {
if (prctl(PR_CAPBSET_DROP, i) == -1) {
errno = e;
break;
}
}
// disable sneak privilege since we don't use them
// seccomp will fail later if this fails
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
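Review bot: The new loop around `prctl(PR_CAPBSET_DROP, i)` treats every -1 as the end of the capability list, so an `EPERM` at i = 0 (the caller lacks CAP_SETPCAP) ends it with nothing dropped and errno restored, which looks the same as success. Only `EINVAL` means the index ran past the last capability, so the exit could be split, e.g. `if (errno != EINVAL) bounding_set_intact = true;` (a constructed name) before `errno = e; break;`, and the result logged or acted on. PR_CAPBSET_DROP also narrows only the bounding set; capabilities already in the permitted or effective sets stay held, so the comment would be more accurate as `// drop every capability from the bounding set (does not clear permitted/effective)`. Whether the server is ever started with capabilities is not visible here, and the body of RedBean continues outside the hunk.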