From 280ed313d93207f97fcc0dc056d2243b10079f81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stanis=C5=82aw=20Pitucha?=
Date: Mon, 5 Mar 2018 20:53:58 +1100
Subject: Enforce seccomp policy
Instead of denying access when a forbidden syscall is triggered, kill the whole process. This is good because it prevents silent failures when running into issues with new/different libc implementations. This is also good, because failures to follow the policy causes an immediate, loud KILL.
---
 linux_priv.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'linux_priv.c')
diff --git a/linux_priv.c b/linux_priv.c
index f1ea406..e34c1e6 100644
--- a/linux_priv.c
+++ b/linux_priv.c
@@ -5,9 +5,8 @@
 #include
 #include "memcached.h"
-// In the future when the system is more tested this could be switched
-// to SCMP_ACT_KILL instead.
-#define DENY_ACTION SCMP_ACT_ERRNO(EACCES)
+// If anything crosses the policy, kill the process.
+#define DENY_ACTION SCMP_ACT_KILL
 void drop_privileges(void) {
 scmp_filter_ctx ctx = seccomp_init(DENY_ACTION);
-- cgit v1.2.1
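Review bot: `SCMP_ACT_KILL` on the added `+#define DENY_ACTION` line terminates only the thread that issued the forbidden syscall (the kernel's original SECCOMP_RET_KILL, since renamed SECCOMP_RET_KILL_THREAD), so the new comment and the commit message overstate what happens: in a multithreaded server the remaining threads keep serving with one worker silently gone, which is the kind of quiet failure this change is meant to rule out. Where the libseccomp headers define `SCMP_ACT_KILL_PROCESS` (newer libseccomp on a kernel that supports SECCOMP_RET_KILL_PROCESS, roughly libseccomp 2.4 and Linux 4.14 as far as I recall) the whole process is killed as intended, so prefer it and fall back to `SCMP_ACT_KILL` only when it is unavailable, with the comment saying which one is in effect. Whether a NULL return from `seccomp_init` is checked cannot be seen here, since drop_privileges continues past the end of the hunk.
```c
// If anything crosses the policy, kill the whole process where the
// kernel/libseccomp support it; plain SCMP_ACT_KILL only ends the
// offending thread, leaving the rest of the server running.
#ifdef SCMP_ACT_KILL_PROCESS
#define DENY_ACTION SCMP_ACT_KILL_PROCESS
#else
#define DENY_ACTION SCMP_ACT_KILL
#endif
```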