author | Toni Uhlig <matzeton@googlemail.com> | 2018-05-22 22:25:31 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2018-05-22 22:25:31 +0200 |
commit | 52a8693b242f6ef1f0c3fa9c7d008728fcfb7f75 (patch) | |
tree | 42fe9271ba116280fa70b4f361d35892e8dc779d | |
parent | 45189d750814f369b9b68b6ae3c04605187ba37c (diff) |
POTD skeleton #77.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | src/protocol_ssh.c | 1 | ||||
-rw-r--r-- | src/pseccomp.c | 8 | ||||
-rw-r--r-- | src/socket.h | 2 | ||||
-rw-r--r-- | src/utils.c | 2 |
4 files changed, 8 insertions, 5 deletions
diff --git a/src/protocol_ssh.c b/src/protocol_ssh.c
index 559dfe7..a5ed4a8 100644
--- a/src/protocol_ssh.c
+++ b/src/protocol_ssh.c
@@ -534,6 +534,7 @@ static int client_mainloop(ssh_client *data)
 ssh_event_dopoll(event, 1000);
 } while (!ssh_channel_is_closed(chan));
+ ssh_disconnect(session);
 ssh_event_remove_fd(event, ctx->sock.fd);
 ssh_event_remove_session(event, session);
 ssh_event_free(event);
diff --git a/src/pseccomp.c b/src/pseccomp.c
index 7f08ab2..2660e2a 100644
--- a/src/pseccomp.c
+++ b/src/pseccomp.c
@@ -28,7 +28,7 @@ static const int default_allowed_syscalls[] = {
 SCMP_SYS(listen), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(accept), SCMP_SYS(sendto), SCMP_SYS(recvmsg), SCMP_SYS(recvfrom), SCMP_SYS(epoll_create1), SCMP_SYS(epoll_ctl), SCMP_SYS(epoll_pwait),
- SCMP_SYS(poll),
+ SCMP_SYS(poll), SCMP_SYS(pipe), SCMP_SYS(pipe2),
 SCMP_SYS(set_robust_list), SCMP_SYS(getrlimit), SCMP_SYS(seccomp), SCMP_SYS(getrusage), SCMP_SYS(prctl), SCMP_SYS(mmap), SCMP_SYS(brk), SCMP_SYS(madvise),
@@ -47,7 +47,8 @@ static const int default_allowed_syscalls[] = {
 SCMP_SYS(umount2), SCMP_SYS(mknod), SCMP_SYS(mkdir), SCMP_SYS(rmdir), SCMP_SYS(statfs), SCMP_SYS(ioctl),
- SCMP_SYS(chown), SCMP_SYS(chmod), SCMP_SYS(setsid), SCMP_SYS(dup2),
+ SCMP_SYS(chown), SCMP_SYS(chmod), SCMP_SYS(setsid),
+ SCMP_SYS(dup), SCMP_SYS(dup2), SCMP_SYS(dup3),
 SCMP_SYS(sethostname), SCMP_SYS(uname), SCMP_SYS(arch_prctl) };
@@ -67,7 +68,7 @@ static const int jail_allowed_syscalls[] = {
 SCMP_SYS(mmap), SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mprotect), SCMP_SYS(munmap), SCMP_SYS(futex), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(fstat), SCMP_SYS(access),
- SCMP_SYS(poll),
+ SCMP_SYS(poll), SCMP_SYS(pipe), SCMP_SYS(pipe2),
 SCMP_SYS(lseek), SCMP_SYS(stat), SCMP_SYS(readlink), SCMP_SYS(getcwd), SCMP_SYS(lstat), SCMP_SYS(sysinfo), SCMP_SYS(setuid), SCMP_SYS(setgid), 
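Review bot: The new `ssh_disconnect(session)` runs while the session is still registered with `event`, because `ssh_event_remove_session` only follows two lines later; libssh's own server examples, as far as I recall, free the event first and disconnect afterwards, so the safer order is to move the call below `ssh_event_free(event)`. If `ctx->sock.fd` is the descriptor libssh owns for this session (not visible in the hunk), disconnecting first also means `ssh_event_remove_fd` is handed a descriptor that the disconnect may already have closed. The call is unconditional, so a loop that ended because the peer closed the channel gets a second, redundant disconnect; a one-line comment stating that this is intended would save the next reader the question. client_mainloop begins and ends outside the hunk.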
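Review bot: The `dup`/`dup2`/`dup3` trio added to `default_allowed_syscalls` here is added verbatim to `jail_allowed_syscalls` in the next hunk, and `pipe`/`pipe2` likewise land in both tables, so the two allowlists now differ only at the margins and will drift every time a new syscall is needed. Consider a shared `common_allowed_syscalls[]` loaded into both filters, or at least a comment beside the new entries naming the consumer, e.g. `/* pipe/pipe2, dup/dup2/dup3: needed by <caller> (issue #77) */` — the commit message gives no reason and I cannot see the caller from the hunk. Both arrays begin and end outside the hunk.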
@@ -78,6 +79,7 @@ static const int jail_allowed_syscalls[] = {
 SCMP_SYS(chdir), SCMP_SYS(mount), SCMP_SYS(umount2), SCMP_SYS(ioctl),
+ SCMP_SYS(dup), SCMP_SYS(dup2), SCMP_SYS(dup3),
 SCMP_SYS(sethostname), SCMP_SYS(uname), SCMP_SYS(arch_prctl) };
diff --git a/src/socket.h b/src/socket.h
index 913f6c2..ebd78d8 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -3,7 +3,7 @@
 #include <netdb.h>
-#define POTD_BACKLOG 3
+#define POTD_BACKLOG 8
 typedef struct psocket {
 int fd;
diff --git a/src/utils.c b/src/utils.c
index f4be2ac..9abdff4 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -473,7 +473,7 @@ int cgroups_set(void)
 const char cfs_quota[] = "cpu.cfs_quota_us";
 const char cfs_quota_limit[] = "10000";
 const char pid_max[] = "pids.max";
- const char pid_max_limit[] = "5";
+ const char pid_max_limit[] = "10";
 if (remove(cgmem) && errno != ENOENT)
 return 1; |
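Review bot: Every entry added to `jail_allowed_syscalls` widens what a compromised jailed process may do, and the new `dup`/`dup2`/`dup3` line lands next to `mount`, `umount2` and `sethostname`, which are setup-phase calls that look odd to keep for the lifetime of the jail; whether the filter is installed before or after that setup is not visible here. If the dup calls are only needed while wiring the child's stdio before exec, installing the jail filter after that step would be tighter than allowing them permanently. Either way the new line deserves a comment stating the phase it serves, e.g. `/* dup*: stdio wiring for the jailed process — confirm still needed post-exec */`. The array begins outside the hunk.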
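Review bot: `POTD_BACKLOG` is a bare magic number with nothing recording that it is only a hint to listen(2) and is clamped by `net.core.somaxconn`; add `/* listen(2) backlog hint; the kernel caps it at net.core.somaxconn */`. For a honeypot that expects bursts of scanners 8 is still small, and if connections were being refused at 3 (the commit does not say) the comment should record the observed need so the next bump is not guesswork.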
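Review bot: `pid_max_limit` is a bare `"10"` written into `pids.max` with nothing recording what the ten tasks are, yet this value is a security boundary (it is what stops a compromised child from fork-bombing the host), so it deserves a comment such as `/* pids.max: hard cap on tasks in this cgroup — list the consumers before raising it */`. The bump from 5 presumably tracks the pipe/dup syscalls allowed elsewhere in this commit, i.e. more forked helpers, but the commit message does not say; please state which processes need the extra five. `cfs_quota_limit` on the adjacent line has the same problem (10000 µs, which is 10% of one CPU only if the period is left at its 100 ms default). cgroups_set continues outside the hunk.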