Diffstat (limited to 'sandbox-solaris.c')
-rw-r--r-- | sandbox-solaris.c | 9 |
1 files changed, 5 insertions, 4 deletions
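--- a/sandbox-solaris.c
+++ b/sandbox-solaris.c
@@ -48,19 +48,20 @@ ssh_sandbox_init(struct monitor *monitor)
 struct ssh_sandbox *box = NULL;
 
 box = xcalloc(1, sizeof(*box));
-box->pset = priv_allocset();
+
+/* Start with "basic" and drop everything we don't need. */
+box->pset = solaris_basic_privset();
 
 if (box->pset == NULL) {
 free(box);
 return NULL;
 }
 
-/* Start with "basic" and drop everything we don't need. */
-priv_basicset(box->pset);
-
 /* Drop everything except the ability to use already-opened files */
 if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 ||
+#ifdef PRIV_NET_ACCESS
 priv_delset(box->pset, PRIV_NET_ACCESS) != 0 ||
+#endif
 priv_delset(box->pset, PRIV_PROC_EXEC) != 0 ||
 priv_delset(box->pset, PRIV_PROC_FORK) != 0 ||
 priv_delset(box->pset, PRIV_PROC_INFO) != 0 ||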
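Review bot: The new `#ifdef PRIV_NET_ACCESS` guard removes the network-access drop silently on builds whose headers do not define that privilege, while the comment just above the `if` still says everything except use of already-opened files is dropped. If the macro is missing because the platform has no such privilege (an inference; the hunk does not say), the sandboxed process keeps whatever network access it already had, and a reader cannot tell from the code that the guarantee is weaker there. I would document this on the guard, for example `/* PRIV_NET_ACCESS is not defined on every release; where it is absent, network access cannot be dropped here */`. ssh_sandbox_init starts before the hunk and the `priv_delset` chain continues past it, so the failure branch of that condition is not visible here.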