mirror of
https://github.com/OpenFusionProject/OpenFusion.git
synced 2024-11-14 10:20:05 +00:00
[seccomp] Whitelist newfstatat and fix a few #ifdefs
Some newer versions of either glibc or libsqlite3 seem to require this syscall for the server to terminate properly.
This commit is contained in:
parent
2dbe2629c1
commit
f126b88781
@ -153,15 +153,18 @@ static sock_filter filter[] = {
|
|||||||
ALLOW_SYSCALL(read),
|
ALLOW_SYSCALL(read),
|
||||||
ALLOW_SYSCALL(write),
|
ALLOW_SYSCALL(write),
|
||||||
ALLOW_SYSCALL(close),
|
ALLOW_SYSCALL(close),
|
||||||
#if __NR_stat
|
#ifdef __NR_stat
|
||||||
ALLOW_SYSCALL(stat),
|
ALLOW_SYSCALL(stat),
|
||||||
#endif
|
#endif
|
||||||
ALLOW_SYSCALL(fstat),
|
ALLOW_SYSCALL(fstat),
|
||||||
|
#ifdef __NR_newfstatat
|
||||||
|
ALLOW_SYSCALL(newfstatat),
|
||||||
|
#endif
|
||||||
ALLOW_SYSCALL(fsync), // maybe
|
ALLOW_SYSCALL(fsync), // maybe
|
||||||
#if __NR_creat
|
#ifdef __NR_creat
|
||||||
ALLOW_SYSCALL(creat), // maybe; for DB journal
|
ALLOW_SYSCALL(creat), // maybe; for DB journal
|
||||||
#endif
|
#endif
|
||||||
#if __NR_unlink
|
#ifdef __NR_unlink
|
||||||
ALLOW_SYSCALL(unlink), // for DB journal
|
ALLOW_SYSCALL(unlink), // for DB journal
|
||||||
#endif
|
#endif
|
||||||
ALLOW_SYSCALL(lseek), // musl-libc; alt DB
|
ALLOW_SYSCALL(lseek), // musl-libc; alt DB
|
||||||
@ -274,7 +277,7 @@ static sock_filter filter[] = {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
// AArch64 (ARM64)
|
// AArch64 (ARM64)
|
||||||
#if __NR_unlinkat
|
#ifdef __NR_unlinkat
|
||||||
ALLOW_SYSCALL(unlinkat),
|
ALLOW_SYSCALL(unlinkat),
|
||||||
#endif
|
#endif
|
||||||
#ifdef __NR_fstatat64
|
#ifdef __NR_fstatat64
|
||||||
|
Loading…
Reference in New Issue
Block a user