jail, seccomp: remove useless root check
authorEtienne CHAMPETIER <champetier.etienne@gmail.com>
Wed, 26 Aug 2015 23:26:43 +0000 (23:26 +0000)
committerJohn Crispin <blogic@openwrt.org>
Sat, 3 Oct 2015 06:57:13 +0000 (08:57 +0200)
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
jail/preload.c

index 97ac44d869111080e760118896a641243144866b..a1cc0b69ebaaf45d9b0a7279c3c1ae747b0bb264 100644 (file)
@@ -27,14 +27,8 @@ static main_t __main__;
 
 static int __preload_main__(int argc, char **argv, char **envp)
 {
-       uid_t uid = getuid();
        char *env_file = getenv("SECCOMP_FILE");
 
-       if (uid) {
-               INFO("preload-seccomp: %s: not root, cannot install seccomp filter\n", *argv);
-               return -1;
-       }
-
        if (install_syscall_filter(*argv, env_file))
                return -1;