diff options
Diffstat (limited to 'lib/sandbox.c')
-rw-r--r-- | lib/sandbox.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/lib/sandbox.c b/lib/sandbox.c index c097482b..204bda4c 100644 --- a/lib/sandbox.c +++ b/lib/sandbox.c @@ -43,6 +43,7 @@ # include "config.h" #endif /* HAVE_CONFIG_H */ +#include <stdbool.h> #include <errno.h> #include <stdlib.h> #include <string.h> @@ -86,14 +87,14 @@ static void gripe_seccomp_filter_unavailable (void) "CONFIG_SECCOMP_FILTER\n"); } -static int search_ld_preload (const char *needle) +static bool search_ld_preload (const char *needle) { const char *ld_preload_env; static char *ld_preload_file = NULL; ld_preload_env = getenv ("LD_PRELOAD"); if (ld_preload_env && strstr (ld_preload_env, needle) != NULL) - return 1; + return true; if (!ld_preload_file) { int fd; @@ -118,9 +119,9 @@ static int search_ld_preload (const char *needle) * for you. */ if (strstr (ld_preload_file, needle) != NULL) - return 1; + return true; - return 0; + return false; } /* Can we load a seccomp filter into this process? @@ -128,20 +129,20 @@ static int search_ld_preload (const char *needle) * This guard allows us to call sandbox_load in code paths that may * conditionally do so again. */ -static int can_load_seccomp (void) +static bool can_load_seccomp (void) { const char *man_disable_seccomp; int seccomp_status; if (seccomp_filter_unavailable) { gripe_seccomp_filter_unavailable (); - return 0; + return false; } man_disable_seccomp = getenv ("MAN_DISABLE_SECCOMP"); if (man_disable_seccomp && *man_disable_seccomp) { debug ("seccomp filter disabled by user request\n"); - return 0; + return false; } /* Valgrind causes the child process to make some system calls we @@ -158,13 +159,13 @@ static int can_load_seccomp (void) if (search_ld_preload ("/vgpreload")) { debug ("seccomp filter disabled while running under " "Valgrind\n"); - return 0; + return false; } seccomp_status = prctl (PR_GET_SECCOMP); if (seccomp_status == 0) - return 1; + return true; if (seccomp_status == -1) { if (errno == EINVAL) @@ -177,7 +178,7 @@ static int can_load_seccomp (void) else debug ("unknown return value from PR_GET_SECCOMP: %d\n", seccomp_status); - return 0; + return false; } #endif /* HAVE_LIBSECCOMP */ |