diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2018-06-04 22:51:50 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2018-06-04 22:51:50 +0200 |
| commit | f08f519880261ec2bd72ba50bf5ff8600783fcd1 (patch) | |
| tree | 05fdf6d9939261ea987d932dcde8b1f4acac6129 /src/pseccomp.c | |
| parent | b882854c0dd614427ab5e1297c65cf1dace3a391 (diff) | |
POTD skeleton #94.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/pseccomp.c')
| -rw-r--r-- | src/pseccomp.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/pseccomp.c b/src/pseccomp.c index 23198bd..250ffe4 100644 --- a/src/pseccomp.c +++ b/src/pseccomp.c @@ -20,10 +20,11 @@ static const int default_allowed_syscalls[] = { SCMP_SYS(rt_sigaction), SCMP_SYS(time), SCMP_SYS(nanosleep), SCMP_SYS(clock_gettime), SCMP_SYS(set_tid_address), SCMP_SYS(exit), SCMP_SYS(exit_group), - SCMP_SYS(read), SCMP_SYS(write), SCMP_SYS(fcntl), SCMP_SYS(writev), + SCMP_SYS(read), SCMP_SYS(write), SCMP_SYS(writev), + SCMP_SYS(fcntl), SCMP_SYS(fcntl64), SCMP_SYS(close), SCMP_SYS(wait4), - SCMP_SYS(sigprocmask), SCMP_SYS(tgkill), - SCMP_SYS(clone), SCMP_SYS(execve), + SCMP_SYS(sigprocmask), SCMP_SYS(tgkill), SCMP_SYS(gettid), + SCMP_SYS(fork), SCMP_SYS(clone), SCMP_SYS(execve), SCMP_SYS(socket), SCMP_SYS(bind), SCMP_SYS(setsockopt), SCMP_SYS(shutdown), SCMP_SYS(listen), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(accept), SCMP_SYS(sendto), SCMP_SYS(recvmsg), SCMP_SYS(recvfrom), @@ -61,10 +62,11 @@ static const int jail_allowed_syscalls[] = { SCMP_SYS(rt_sigreturn), SCMP_SYS(rt_sigprocmask), SCMP_SYS(rt_sigaction), SCMP_SYS(time), SCMP_SYS(nanosleep), SCMP_SYS(exit), SCMP_SYS(exit_group), - SCMP_SYS(read), SCMP_SYS(write), SCMP_SYS(fcntl), SCMP_SYS(writev), + SCMP_SYS(read), SCMP_SYS(write), SCMP_SYS(writev), + SCMP_SYS(fcntl), SCMP_SYS(fcntl64), SCMP_SYS(close), SCMP_SYS(wait4), - SCMP_SYS(sigprocmask), SCMP_SYS(tgkill), - SCMP_SYS(clone), SCMP_SYS(execve), + SCMP_SYS(sigprocmask), SCMP_SYS(tgkill), SCMP_SYS(gettid), + SCMP_SYS(fork), SCMP_SYS(clone), SCMP_SYS(execve), SCMP_SYS(mmap), SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mprotect), SCMP_SYS(munmap), SCMP_SYS(futex), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(fstat), SCMP_SYS(access), |