mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-07-03 09:48:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix some regressions with execution

Browse source
This commit is contained in:
Justine Tunney 2022-08-07 22:10:18 -07:00
parent 5546559034
commit b77cae2d57
28 changed files with 58 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

7
tool/build/pledge.c
View file

@ -22,6 +22,7 @@
#include "libc/calls/landlock.h"
#include "libc/calls/struct/rlimit.h"
#include "libc/calls/struct/sched_param.h"
#include "libc/calls/struct/seccomp.h"
#include "libc/calls/struct/stat.h"
#include "libc/calls/struct/sysinfo.h"
#include "libc/calls/syscall-sysv.internal.h"
@ -666,6 +667,12 @@ int main(int argc, char *argv[]) {
g_promises = xstrcat(g_promises, ' ', "exec");
}
// pledge.com uses the return eperm instead of killing the process
// model. we do this becasue it's only possible to have sigsys print
// crash messages if we're not pledging exec, which is what this tool
// always has to do currently.
__pledge_mode = SECCOMP_RET_ERRNO | EPERM;
// apply sandbox
if (pledge(g_promises, g_promises) == -1) {
kprintf("error: pledge(%#s) failed: %m\n", g_promises);