-rw-r--r-- | src/filter_seccomp.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/filter_seccomp.c b/src/filter_seccomp.c
index b1fa4eb62..eced2da61 100644
--- a/src/filter_seccomp.c
+++ b/src/filter_seccomp.c
@@ -679,14 +679,20 @@ dump_seccomp_bpf(void)
 void
 init_seccomp_filter(void)
 {
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
- perror_func_msg_and_die("prctl(PR_SET_NO_NEW_PRIVS)");
-
 if (debug_flag)
 dump_seccomp_bpf();
 
- if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &bpf_prog) < 0)
- perror_func_msg_and_die("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)");
+ if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &bpf_prog) == 0)
+ return;
+
+ if (errno == EACCES) {
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
+ perror_func_msg_and_die("prctl(PR_SET_NO_NEW_PRIVS)");
+ if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &bpf_prog) == 0)
+ return;
+ }
+
+ perror_func_msg_and_die("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)");
 }
 
 int |
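Review bot: The reordered prctl() calls in init_seccomp_filter() carry no comment explaining why PR_SET_NO_NEW_PRIVS is now only a fallback, and that is the security-relevant part of the new code. The kernel rejects SECCOMP_MODE_FILTER with EACCES when the caller has neither CAP_SYS_ADMIN in its user namespace nor no_new_privs set, so the first call succeeds only for a privileged caller. no_new_privs cannot be cleared and is inherited across fork and execve, so setting it unconditionally makes later execve calls ignore set-user-ID bits and file capabilities; presumably avoiding that is the intent here. I would add above the first call `/* Try without no_new_privs first: it cannot be unset and stops execve from granting privileges. */` and above the `errno == EACCES` branch `/* EACCES: no CAP_SYS_ADMIN and no_new_privs unset; set it and retry. */`. A reader should also be told that on the privileged path the filter stays attached to a process that can still exec set-user-ID programs.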