-rw-r--r-- | linux_priv.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/linux_priv.c b/linux_priv.c
index f1ea406..e34c1e6 100644
--- a/linux_priv.c
+++ b/linux_priv.c
@@ -5,9 +5,8 @@
 #include <sys/ioctl.h>
 #include "memcached.h"
 
-// In the future when the system is more tested this could be switched
-// to SCMP_ACT_KILL instead.
-#define DENY_ACTION SCMP_ACT_ERRNO(EACCES)
+// If anything crosses the policy, kill the process.
+#define DENY_ACTION SCMP_ACT_KILL
 
 void drop_privileges(void) {
 scmp_filter_ctx ctx = seccomp_init(DENY_ACTION); |
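Review bot: `SCMP_ACT_KILL` in the new `DENY_ACTION` terminates only the thread that issued the disallowed syscall (it is the same action as `SCMP_ACT_KILL_THREAD`), so the new comment "kill the process" overstates what happens. In a multi-threaded server this can leave the other threads running with one worker gone, possibly while it held a lock, which is harder to detect than a clean exit. Where libseccomp 2.4 or later and a kernel supporting `SECCOMP_RET_KILL_PROCESS` are available, `#define DENY_ACTION SCMP_ACT_KILL_PROCESS` matches the stated intent; otherwise the comment should say that only the offending thread is killed. Because a gap in the allow-list now ends in SIGSYS rather than an `EACCES` return, it is also worth confirming the list was exercised against every supported libc and build configuration. drop_privileges continues outside the hunk, so the rules themselves are not visible here.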