From: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Date: Wed, 26 Aug 2015 23:26:43 +0000 (+0000)
Subject: jail, seccomp: remove useless root check
X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fprocd.git;a=commitdiff_plain;h=2059c75baa34f0f5952eedea6c25ae42232e89e5

jail, seccomp: remove useless root check

prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
---

diff --git a/jail/preload.c b/jail/preload.c
index 97ac44d..a1cc0b6 100644
--- a/jail/preload.c
+++ b/jail/preload.c
@@ -27,14 +27,8 @@ static main_t __main__;
 
 static int __preload_main__(int argc, char **argv, char **envp)
 {
-	uid_t uid = getuid();
 	char *env_file = getenv("SECCOMP_FILE");
 
-	if (uid) {
-		INFO("preload-seccomp: %s: not root, cannot install seccomp filter\n", *argv);
-		return -1;
-	}
-
 	if (install_syscall_filter(*argv, env_file))
 		return -1;