diff options
author | Alice Frosi <afrosi@redhat.com> | 2023-01-16 16:30:22 +0100 |
---|---|---|
committer | Alice Frosi <afrosi@redhat.com> | 2023-01-17 13:05:41 +0100 |
commit | f9c6d862789eb5961502862882d2dc33eff854b8 (patch) | |
tree | d44cc7fd16f07d4c52c87da5b6c85829776d5173 | |
parent | bad10920fe6c8bb443a8640e2534aa27dabd80b1 (diff) | |
download | seitan-f9c6d862789eb5961502862882d2dc33eff854b8.tar seitan-f9c6d862789eb5961502862882d2dc33eff854b8.tar.gz seitan-f9c6d862789eb5961502862882d2dc33eff854b8.tar.bz2 seitan-f9c6d862789eb5961502862882d2dc33eff854b8.tar.lz seitan-f9c6d862789eb5961502862882d2dc33eff854b8.tar.xz seitan-f9c6d862789eb5961502862882d2dc33eff854b8.tar.zst seitan-f9c6d862789eb5961502862882d2dc33eff854b8.zip |
eater: add error handling
Check for errors for prctl and seccomp syscall.
Signed-off-by: Alice Frosi <afrosi@redhat.com>
-rw-r--r-- | eater.c | 14 |
1 files changed, 10 insertions, 4 deletions
@@ -97,13 +97,19 @@ int main(int argc, char **argv) prog.filter = filter; prog.len = (unsigned short)(n / sizeof(filter[0])); - prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); - fd = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_NEW_LISTENER, - &prog); + if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) { + perror("prctl"); + exit(EXIT_FAILURE); + } + if ((fd = seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_NEW_LISTENER, + &prog) < 0)) { + perror("seccomp"); + exit(EXIT_FAILURE); + } connect(0, NULL, 0); /* Wait for seitan to unblock this */ execvpe(argv[arguments.program_index], &argv[arguments.program_index], - environ); + environ); if (errno != ENOENT) { perror("execvpe"); exit(EXIT_FAILURE); |