OpenPunk/OpenFusion
1
0
Fork 0
mirror of https://github.com/OpenFusionProject/OpenFusion.git synced 2024-11-13 02:10:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

[seccomp] Whitelist newfstatat and fix a few #ifdefs

Browse Source 
Some newer versions of either glibc or libsqlite3 seem to require this
syscall for the server to terminate properly.
This commit is contained in:
dongresource 2022-09-04 20:53:17 +02:00
parent 2dbe2629c1
commit f126b88781
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/sandbox/seccomp.cpp
View File

@ -153,15 +153,18 @@ static sock_filter filter[] = {
ALLOW_SYSCALL(read),
ALLOW_SYSCALL(write),
ALLOW_SYSCALL(close),
#if __NR_stat
#ifdef __NR_stat
ALLOW_SYSCALL(stat),
#endif
ALLOW_SYSCALL(fstat),
#ifdef __NR_newfstatat
ALLOW_SYSCALL(newfstatat),
#endif
ALLOW_SYSCALL(fsync), // maybe
#if __NR_creat
#ifdef __NR_creat
ALLOW_SYSCALL(creat), // maybe; for DB journal
#endif
#if __NR_unlink
#ifdef __NR_unlink
ALLOW_SYSCALL(unlink), // for DB journal
#endif
ALLOW_SYSCALL(lseek), // musl-libc; alt DB
@ -274,7 +277,7 @@ static sock_filter filter[] = {
#endif
// AArch64 (ARM64)
#if __NR_unlinkat
#ifdef __NR_unlinkat
ALLOW_SYSCALL(unlinkat),
#endif
#ifdef __NR_fstatat64