aboutsummaryrefslogtreecommitdiff
path: root/sandboxed_api/sandbox2/policy.cc
diff options
context:
space:
mode:
Diffstat (limited to 'sandboxed_api/sandbox2/policy.cc')
-rw-r--r--sandboxed_api/sandbox2/policy.cc5
1 files changed, 3 insertions, 2 deletions
diff --git a/sandboxed_api/sandbox2/policy.cc b/sandboxed_api/sandbox2/policy.cc
index 6a4b2f4..721abcf 100644
--- a/sandboxed_api/sandbox2/policy.cc
+++ b/sandboxed_api/sandbox2/policy.cc
@@ -183,8 +183,9 @@ std::vector<sock_filter> Policy::GetDefaultPolicy(bool user_notif) const {
policy.insert(policy.end(),
{
#ifdef __NR_clone3
- // Disallow clone3
- JEQ32(__NR_clone3, DENY),
+ // Disallow clone3. Errno instead of DENY so that libraries
+ // can fallback to regular clone/clone2.
+ JEQ32(__NR_clone3, ERRNO(ENOSYS)),
#endif
// Disallow clone3 and clone with unsafe flags. This uses
// LOAD_SYSCALL_NR from above.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-05 01:49:34 +0000