commit 533be4ad041ff7b9c630181fe5265e4f70160947 Author: Yawning Angel yawning@schwanenlied.me Date: Sat Nov 26 07:20:04 2016 +0000
Instead of using the trace action, explciitly return ENOSYS on 386.
This mirrors the amd64 behavior, I just forgot to make this explicit when I changed it for real computers. --- src/cmd/sandboxed-tor-browser/internal/sandbox/seccomp_386.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/seccomp_386.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/seccomp_386.go index 5cf3262..40e5691 100644 --- a/src/cmd/sandboxed-tor-browser/internal/sandbox/seccomp_386.go +++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/seccomp_386.go @@ -59,7 +59,8 @@ func installSeccomp(fd *os.File, assets []string, isBlacklist bool) error { rules = append(rules, '\n') }
- defaultAct, ruleAct := seccomp.ActTrace, seccomp.ActAllow + actENOSYS := seccomp.ActErrno.SetReturnCode(38) + defaultAct, ruleAct := actENOSYS, seccomp.ActAllow if isBlacklist { defaultAct, ruleAct = ruleAct, defaultAct }