fix segv
This commit is contained in:
guochao
parent
d422f30774
commit
0eb915ebeb
11
src/main.rs
11
src/main.rs
@ -68,7 +68,7 @@ fn main() -> anyhow::Result<()> {
|
|||||||
return Err(err.into());
|
return Err(err.into());
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
nix::sys::ptrace::setoptions(child, Options::PTRACE_O_TRACESECCOMP)?;
|
nix::sys::ptrace::setoptions(child, Options::PTRACE_O_TRACESECCOMP | Options::PTRACE_O_TRACECLONE | Options::PTRACE_O_TRACEFORK | Options::PTRACE_O_TRACEVFORK)?;
|
||||||
nix::sys::ptrace::cont(child, None)?;
|
nix::sys::ptrace::cont(child, None)?;
|
||||||
log::trace!("child is ready");
|
log::trace!("child is ready");
|
||||||
|
|
||||||
@ -158,8 +158,13 @@ fn main() -> anyhow::Result<()> {
|
|||||||
log::trace!("accepting {}({})", syscall_name, syscall_nr);
|
log::trace!("accepting {}({})", syscall_name, syscall_nr);
|
||||||
};
|
};
|
||||||
|
|
||||||
log::debug!("restrict myself by set_no_new_privs...");
|
#[cfg(feature = "tracing-mode")]
|
||||||
nix::sys::prctl::set_no_new_privs()?;
|
if tracing {
|
||||||
|
log::debug!("no need to restrict myself by set_no_new_privs");
|
||||||
|
} else {
|
||||||
|
log::debug!("restrict myself by set_no_new_privs...");
|
||||||
|
nix::sys::prctl::set_no_new_privs()?;
|
||||||
|
}
|
||||||
|
|
||||||
log::info!("loading filter into kernel...");
|
log::info!("loading filter into kernel...");
|
||||||
if let Err(err) = filter.load() {
|
if let Err(err) = filter.load() {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user