authorStanisław Pitucha <viraptor@gmail.com>2018-03-05 20:53:58 +1100
committerdormando <dormando@rydia.net>2018-03-14 12:27:37 -0700
commit280ed313d93207f97fcc0dc056d2243b10079f81 (patch)
tree9e00d3b2e49e7faaa74db27850648c8e1bae96ca /linux_priv.c
parentb119119ac7324b566cfe2f39fb3f8553f01cb4df (diff)
Enforce seccomp policy
Instead of denying access when a forbidden syscall is triggered, kill the whole process. This is good because it prevents silent failures when running into issues with new/different libc implementations. This is also good because a failure to follow the policy causes an immediate, loud KILL.
Diffstat (limited to 'linux_priv.c')
-rw-r--r--linux_priv.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/linux_priv.c b/linux_priv.c
index f1ea406..e34c1e6 100644
--- a/linux_priv.c
+++ b/linux_priv.c
@@ -5,9 +5,8 @@
#include <sys/ioctl.h>
#include "memcached.h"
-// In the future when the system is more tested this could be switched
-// to SCMP_ACT_KILL instead.
-#define DENY_ACTION SCMP_ACT_ERRNO(EACCES)
+// If anything crosses the policy, kill the process.
+#define DENY_ACTION SCMP_ACT_KILL
void drop_privileges(void) {
scmp_filter_ctx ctx = seccomp_init(DENY_ACTION);
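Review bot: `SCMP_ACT_KILL` in the new `DENY_ACTION` define terminates only the thread that issued the forbidden syscall, not the whole process as the new comment and the commit message state. In a multi-threaded server this can leave the process running with one worker gone, possibly while it held a lock, which is the kind of quiet failure the change is meant to rule out. Where the installed libseccomp and kernel provide it, `#define DENY_ACTION SCMP_ACT_KILL_PROCESS` matches the stated intent; otherwise the comment should say `// If anything crosses the policy, kill the offending thread.` and a violation should be made visible some other way, for example through audit logging of seccomp kills. The body of drop_privileges continues outside the hunk, so whether the `seccomp_init()` result is checked for NULL cannot be confirmed from here.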