nsjail: free seccomp filter upon nsjail exit
parent
8a22a4abb6
commit
2545fcd3a9
@ -363,6 +363,8 @@ std::unique_ptr<nsjconf_t> parseArgs(int argc, char* argv[]) {
|
||||
nsjconf->iface_vs_gw = "0.0.0.0";
|
||||
nsjconf->orig_uid = getuid();
|
||||
nsjconf->num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
|
||||
nsjconf->seccomp_fprog.filter = NULL;
|
||||
nsjconf->seccomp_fprog.len = 0;
|
||||
|
||||
nsjconf->openfds.push_back(STDIN_FILENO);
|
||||
nsjconf->openfds.push_back(STDOUT_FILENO);
|
||||
|
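Review bot: The filter pointer is initialised with `NULL` in parseArgs, while closePolicy in this same commit resets it with `nullptr`; write `nsjconf->seccomp_fprog.filter = nullptr;` here so the two sites agree. These two assignments appear to be what lets closePolicy run safely when no seccomp policy was ever compiled, so a short comment such as `// closePolicy() relies on filter staying null until preparePolicy() sets it` would record that dependency. parseArgs begins and ends outside the hunk, and the +/- markers are lost on this page, so which lines are new is inferred from the hunk header's line counts.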
@ -179,10 +179,12 @@ int main(int argc, char* argv[]) {
|
||||
LOG_F("Couldn't prepare sandboxing policy");
|
||||
}
|
||||
|
||||
int ret = 0;
|
||||
if (nsjconf->mode == MODE_LISTEN_TCP) {
|
||||
nsjailListenMode(nsjconf.get());
|
||||
} else {
|
||||
return nsjailStandaloneMode(nsjconf.get());
|
||||
ret = nsjailStandaloneMode(nsjconf.get());
|
||||
}
|
||||
return 0;
|
||||
sandbox::closePolicy(nsjconf.get());
|
||||
return ret;
|
||||
}
|
||||
|
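Review bot: sandbox::closePolicy() is reached only on the final return of main, so any earlier return or terminating call above this point (for example the LOG_F path, if it exits the process) still leaves the filter allocated. Since nsjconf is held in a std::unique_ptr, tying the release to nsjconf_t's destructor or to a custom deleter would cover every exit path without a manual call. If the explicit call stays, a comment such as `// release the compiled seccomp filter before exit so leak checkers stay quiet` would state the intent, which is only inferred here from the commit title. main's body begins outside the hunk.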
@ -95,4 +95,13 @@ bool preparePolicy(nsjconf_t* nsjconf) {
|
||||
return true;
|
||||
}
|
||||
|
||||
void closePolicy(nsjconf_t* nsjconf) {
|
||||
if (!nsjconf->seccomp_fprog.filter) {
|
||||
return;
|
||||
}
|
||||
free(nsjconf->seccomp_fprog.filter);
|
||||
nsjconf->seccomp_fprog.filter = nullptr;
|
||||
nsjconf->seccomp_fprog.len = 0;
|
||||
}
|
||||
|
||||
} // namespace sandbox
|
||||
|
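Review bot: closePolicy has no comment saying who owns seccomp_fprog.filter or why free() is the matching deallocator. The allocation presumably happens in preparePolicy, whose body is outside this hunk, so the pairing cannot be confirmed from here. A header comment such as `// Frees the BPF program stored by preparePolicy(); the buffer must come from malloc(). Safe to call repeatedly.` would document the contract. The explicit null check is redundant because free() accepts a null pointer, but resetting filter and len afterwards is what makes a second call harmless and should stay.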