mirror of
https://github.com/OpenFusionProject/OpenFusion.git
synced 2024-11-24 22:11:04 +00:00
[seccomp] Whitelist newfstatat and fix a few #ifdefs
Some newer versions of either glibc or libsqlite3 seem to require this syscall for the server to terminate properly.
This commit is contained in:
parent
2dbe2629c1
commit
f126b88781
@ -153,15 +153,18 @@ static sock_filter filter[] = {
|
||||
ALLOW_SYSCALL(read),
|
||||
ALLOW_SYSCALL(write),
|
||||
ALLOW_SYSCALL(close),
|
||||
#if __NR_stat
|
||||
#ifdef __NR_stat
|
||||
ALLOW_SYSCALL(stat),
|
||||
#endif
|
||||
ALLOW_SYSCALL(fstat),
|
||||
#ifdef __NR_newfstatat
|
||||
ALLOW_SYSCALL(newfstatat),
|
||||
#endif
|
||||
ALLOW_SYSCALL(fsync), // maybe
|
||||
#if __NR_creat
|
||||
#ifdef __NR_creat
|
||||
ALLOW_SYSCALL(creat), // maybe; for DB journal
|
||||
#endif
|
||||
#if __NR_unlink
|
||||
#ifdef __NR_unlink
|
||||
ALLOW_SYSCALL(unlink), // for DB journal
|
||||
#endif
|
||||
ALLOW_SYSCALL(lseek), // musl-libc; alt DB
|
||||
@ -274,7 +277,7 @@ static sock_filter filter[] = {
|
||||
#endif
|
||||
|
||||
// AArch64 (ARM64)
|
||||
#if __NR_unlinkat
|
||||
#ifdef __NR_unlinkat
|
||||
ALLOW_SYSCALL(unlinkat),
|
||||
#endif
|
||||
#ifdef __NR_fstatat64
|
||||
|
Loading…
Reference in New Issue
Block a user