If the kernel doesn't support PR_SET_NO_NEW_PRIVS, then
don't print a warning message. The warning message only serves
to confuse other people.
This change assumes that, if EINVAL is returned, the kernel is an
old kernel. Newer kernels have no option to disable PR_SET_NO_NEW_PRIVS,
so IMHO, this is a fair assumption.
Change-Id: I77b4769e1d93a9b2412ba5365227283761940fdc
#ifdef HAVE_ANDROID_OS
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
- if (errno == EINVAL) {
- SLOGW("PR_SET_NO_NEW_PRIVS failed. "
- "Is your kernel compiled correctly?: %s", strerror(errno));
- // Don't return -1 here, since it's expected that not all
- // kernels will support this option.
- } else {
- SLOGW("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
+ // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return
+ // EINVAL. Don't die on such kernels.
+ if (errno != EINVAL) {
+ SLOGE("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
return -1;
}
}