POTD skeleton #63.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2018-05-20 02:26:20 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2018-05-20 02:26:20 +0200
commit: 9b9825fa6a33a4f9703905100a88190aaf030607 (patch)
tree: 1dbb712b543320748e29afb8fd751e67fbfe9ed6 /src/main.c
parent: 84d818f280f3a398fc91ca82699bc380d37d99cf (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/src/main.c b/src/main.c
index 3d34228..b2723c0 100644
--- a/src/main.c
+++ b/src/main.c
@@ -31,6 +31,7 @@ int main(int argc, char *argv[])
     event_ctx *jail_event = NULL;
     int proc_status;
     pid_t daemon_pid, rdr_pid, jail_pid, child_pid;
+    pseccomp_ctx *psc = NULL;
 
     (void) argc;
     (void) argv;
@@ -39,9 +40,16 @@ int main(int argc, char *argv[])
     LOG_SET_FUNCS_VA(LOG_COLORED_FUNCS);
     N("%s (C) 2018 Toni Uhlig (%s)", PACKAGE_STRING, PACKAGE_BUGREPORT);
 
-    pseccomp_init();
-    pseccomp_set_immutable();
+    if (geteuid() != 0) {
+        E("%s", "I was made for root!");
+        exit(EXIT_FAILURE);
+    }
+
     caps_default_filter();
+    pseccomp_init(&psc);
+    if (pseccomp_default_rules(psc))
+        FATAL("%s", "SECCOMP: adding default rules");
+    pseccomp_free(&psc);
 
     D("%s", "Forking into background/foreground");
     daemon_pid = daemonize(1);
author	Toni Uhlig <matzeton@googlemail.com>	2018-05-20 02:26:20 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2018-05-20 02:26:20 +0200
commit	9b9825fa6a33a4f9703905100a88190aaf030607 (patch)
tree	1dbb712b543320748e29afb8fd751e67fbfe9ed6 /src/main.c
parent	84d818f280f3a398fc91ca82699bc380d37d99cf (diff)