Commit

seccomp: Use PR_SPEC_FORCE_DISABLE
Use PR_SPEC_FORCE_DISABLE in seccomp() because seccomp does not allow to
widen restrictions.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
KAGA-KOKO committed May 4, 2018
1 parent 356e4bf commit b849a81
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion kernel/seccomp.c
Expand Up @@ -239,7 +239,7 @@ static inline void spec_mitigate(struct task_struct *task,
int state = arch_prctl_spec_ctrl_get(task, which);

if (state > 0 && (state & PR_SPEC_PRCTL))
arch_prctl_spec_ctrl_set(task, which, PR_SPEC_DISABLE);
arch_prctl_spec_ctrl_set(task, which, PR_SPEC_FORCE_DISABLE);
}

static inline void seccomp_assign_mode(struct task_struct *task,
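
Review bot: The reason for choosing PR_SPEC_FORCE_DISABLE lives only in the commit message, so the call in spec_mitigate() should carry a short comment saying that the force variant is used because a seccomp'd task must not be able to relax the mitigation again through prctl afterwards. Without that, a later reader comparing the two constants has no hint at the call site that the irreversibility is intentional. Separately, the result of arch_prctl_spec_ctrl_set() is discarded here and spec_mitigate() is void, so if the set can fail the task enters seccomp without the mitigation and nothing reports it; consider at least noting in the comment why ignoring the result is acceptable. The guard `state > 0 && (state & PR_SPEC_PRCTL)` is unchanged and still limits this to cases where per-task control is available, which looks right for the force variant as well.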