Whitelist syscalls for 32-bit x86 Linux

Should probably filter the args to this for the sake of proper
sandboxing.
This commit is contained in:
dongresource 2021-11-06 21:07:13 +01:00
parent 9297e82589
commit dfe596447b

View File

@ -117,7 +117,9 @@ static sock_filter filter[] = {
// networking // networking
ALLOW_SYSCALL(poll), ALLOW_SYSCALL(poll),
#ifdef __NR_accept
ALLOW_SYSCALL(accept), ALLOW_SYSCALL(accept),
#endif
ALLOW_SYSCALL(setsockopt), ALLOW_SYSCALL(setsockopt),
ALLOW_SYSCALL(sendto), ALLOW_SYSCALL(sendto),
ALLOW_SYSCALL(recvfrom), ALLOW_SYSCALL(recvfrom),
@ -131,6 +133,11 @@ static sock_filter filter[] = {
#endif #endif
ALLOW_SYSCALL(rt_sigreturn), ALLOW_SYSCALL(rt_sigreturn),
// i386
#ifdef __NR_socketcall
ALLOW_SYSCALL(socketcall),
#endif
// Raspberry Pi (ARM) // Raspberry Pi (ARM)
#ifdef __NR_set_robust_list #ifdef __NR_set_robust_list
ALLOW_SYSCALL(set_robust_list), ALLOW_SYSCALL(set_robust_list),