internal/prctl: rename prctl wrappers
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
parent
f7bd6a5a41
commit
9e15898c8f
SSH Key Fingerprint:
SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
@ -40,7 +40,7 @@ func main() {
|
||||
// early init argv0 check, skips root check and duplicate PR_SET_DUMPABLE
|
||||
init0.TryArgv0()
|
||||
|
||||
if err := internal.PR_SET_DUMPABLE__SUID_DUMP_DISABLE(); err != nil {
|
||||
if err := internal.SetDumpable(internal.SUID_DUMP_DISABLE); err != nil {
|
||||
log.Printf("cannot set SUID_DUMP_DISABLE: %s", err)
|
||||
// not fatal: this program runs as the privileged user
|
||||
}
|
||||
|
||||
@ -28,7 +28,7 @@ func Main() {
|
||||
fmsg.Prepare("init")
|
||||
|
||||
// setting this prevents ptrace
|
||||
if err := internal.PR_SET_DUMPABLE__SUID_DUMP_DISABLE(); err != nil {
|
||||
if err := internal.SetDumpable(internal.SUID_DUMP_DISABLE); err != nil {
|
||||
log.Fatalf("cannot set SUID_DUMP_DISABLE: %s", err)
|
||||
}
|
||||
|
||||
@ -64,7 +64,7 @@ func Main() {
|
||||
}
|
||||
|
||||
// die with parent
|
||||
if err := internal.PR_SET_PDEATHSIG__SIGKILL(); err != nil {
|
||||
if err := internal.SetPdeathsig(syscall.SIGKILL); err != nil {
|
||||
log.Fatalf("prctl(PR_SET_PDEATHSIG, SIGKILL): %v", err)
|
||||
}
|
||||
|
||||
|
||||
@ -29,7 +29,7 @@ func Main() {
|
||||
fmsg.Prepare("shim")
|
||||
|
||||
// setting this prevents ptrace
|
||||
if err := internal.PR_SET_DUMPABLE__SUID_DUMP_DISABLE(); err != nil {
|
||||
if err := internal.SetDumpable(internal.SUID_DUMP_DISABLE); err != nil {
|
||||
log.Fatalf("cannot set SUID_DUMP_DISABLE: %s", err)
|
||||
}
|
||||
|
||||
|
||||
@ -2,17 +2,22 @@ package internal
|
||||
|
||||
import "syscall"
|
||||
|
||||
func PR_SET_DUMPABLE__SUID_DUMP_DISABLE() error {
|
||||
const (
|
||||
SUID_DUMP_DISABLE = iota
|
||||
SUID_DUMP_USER
|
||||
)
|
||||
|
||||
func SetDumpable(dumpable uintptr) error {
|
||||
// linux/sched/coredump.h
|
||||
if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_DUMPABLE, 0, 0); errno != 0 {
|
||||
if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_DUMPABLE, dumpable, 0); errno != 0 {
|
||||
return errno
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func PR_SET_PDEATHSIG__SIGKILL() error {
|
||||
if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(syscall.SIGKILL), 0); errno != 0 {
|
||||
func SetPdeathsig(sig syscall.Signal) error {
|
||||
if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(sig), 0); errno != 0 {
|
||||
return errno
|
||||
}
|
||||
|
||||
|
||||
2
main.go
2
main.go
@ -44,7 +44,7 @@ func main() {
|
||||
// early init argv0 check, skips root check and duplicate PR_SET_DUMPABLE
|
||||
init0.TryArgv0()
|
||||
|
||||
if err := internal.PR_SET_DUMPABLE__SUID_DUMP_DISABLE(); err != nil {
|
||||
if err := internal.SetDumpable(internal.SUID_DUMP_DISABLE); err != nil {
|
||||
log.Printf("cannot set SUID_DUMP_DISABLE: %s", err)
|
||||
// not fatal: this program runs as the privileged user
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user