author | Felipe Sateler <fsateler@debian.org> | 2019-02-20 21:24:33 -0300 |
---|---|---|
committer | Felipe Sateler <fsateler@debian.org> | 2019-02-20 21:24:33 -0300 |
commit | 7c20daf69c4411979b7f8902f3601d1cdc56cc07 (patch) | |
tree | d59b9989ce55ed23693e80974d94c856f1c2c8b1 /src/analyze/analyze-security.c | |
parent | 6e866b331d7cd4a5e0759dd160dea6edabd3678e (diff) | |
download | systemd-7c20daf69c4411979b7f8902f3601d1cdc56cc07.tar.gz |
New upstream version 241upstream/241
Diffstat (limited to 'src/analyze/analyze-security.c')
-rw-r--r-- | src/analyze/analyze-security.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 1fc3c1e02f..a007ed1da4 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -485,24 +485,24 @@ static bool syscall_names_in_filter(Set *s, bool whitelist, const SyscallFilterS
 const char *syscall;
 NULSTR_FOREACH(syscall, f->value) {
- bool b;
+ int id;
 if (syscall[0] == '@') {
 const SyscallFilterSet *g;
- assert_se(g = syscall_filter_set_find(syscall));
- b = syscall_names_in_filter(s, whitelist, g);
- } else {
- int id;
- /* Let's see if the system call actually exists on this platform, before complaining */
- id = seccomp_syscall_resolve_name(syscall);
- if (id < 0)
- continue;
+ assert_se(g = syscall_filter_set_find(syscall));
+ if (syscall_names_in_filter(s, whitelist, g))
+ return true; /* bad! */
- b = set_contains(s, syscall);
+ continue;
 }
- if (whitelist == b) {
+ /* Let's see if the system call actually exists on this platform, before complaining */
+ id = seccomp_syscall_resolve_name(syscall);
+ if (id < 0)
+ continue;
+
+ if (set_contains(s, syscall) == whitelist) {
 log_debug("Offending syscall filter item: %s", syscall);
 return true; /* bad! */
 }
@@ -1859,7 +1859,6 @@ static int acquire_security_info(sd_bus *bus, const char *name, struct security_
 { "PrivateNetwork", "b", NULL, offsetof(struct security_info, private_network) },
 { "PrivateTmp", "b", NULL, offsetof(struct security_info, private_tmp) },
 { "PrivateUsers", "b", NULL, offsetof(struct security_info, private_users) },
- { "PrivateUsers", "b", NULL, offsetof(struct security_info, private_users) },
 { "ProtectControlGroups", "b", NULL, offsetof(struct security_info, protect_control_groups) },
 { "ProtectHome", "s", NULL, offsetof(struct security_info, protect_home) },
 { "ProtectKernelModules", "b", NULL, offsetof(struct security_info, protect_kernel_modules) }, |
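Review bot: The rewritten loop in `syscall_names_in_filter` now recurses through `syscall_filter_set_find()` for every `@group` entry with no depth or cycle guard, so a group table that directly or indirectly names itself would recurse until the stack is exhausted; this is presumably safe because the filter-set tables are static and acyclic, but nothing in the hunk records that assumption. A short comment above the recursive call would pin it: `/* Nested @group: the filter-set tables are static and acyclic, so recursing here is bounded. */`. Also, `int id` is now declared at the top of the loop body but first used only after the `@` branch; declaring it at first use, `int id = seccomp_syscall_resolve_name(syscall);`, keeps the variable next to the comment that explains it. The function's signature lies in the truncated `@@` context above the hunk and its body continues past the closing brace shown.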