diff options
| -rw-r--r-- | kernel/seccomp.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index d9db6ec46bc9..ee376beedaf9 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -377,8 +377,7 @@ int __secure_computing(int this_syscall) int mode = current->seccomp.mode; int exit_sig = 0; int *syscall; - u32 ret = SECCOMP_RET_KILL; - int data; + u32 ret; switch (mode) { case SECCOMP_MODE_STRICT: @@ -392,12 +391,15 @@ int __secure_computing(int this_syscall) return 0; } while (*++syscall); exit_sig = SIGKILL; + ret = SECCOMP_RET_KILL; break; #ifdef CONFIG_SECCOMP_FILTER - case SECCOMP_MODE_FILTER: + case SECCOMP_MODE_FILTER: { + int data; ret = seccomp_run_filters(this_syscall); data = ret & SECCOMP_RET_DATA; - switch (ret & SECCOMP_RET_ACTION) { + ret &= SECCOMP_RET_ACTION; + switch (ret) { case SECCOMP_RET_ERRNO: /* Set the low-order 16-bits as a errno. */ syscall_set_return_value(current, task_pt_regs(current), @@ -432,6 +434,7 @@ int __secure_computing(int this_syscall) } exit_sig = SIGSYS; break; + } #endif default: BUG(); @@ -442,8 +445,10 @@ int __secure_computing(int this_syscall) #endif audit_seccomp(this_syscall, exit_sig, ret); do_exit(exit_sig); +#ifdef CONFIG_SECCOMP_FILTER skip: audit_seccomp(this_syscall, exit_sig, ret); +#endif return -1; } |