Whitelist syscalls provided by vDSO.

2012-07-22 09:49:51 -04:00 · 2012-07-22 09:49:51 -04:00 · 483ca6752d
commit 483ca6752d
parent 7d5b6ddc7e
2 changed files with 11 additions and 0 deletions
--- a/ifchd/ifchd.c
+++ b/ifchd/ifchd.c
@ -153,6 +153,11 @@ static int enforce_seccomp(void)
 #ifdef __NR_sigreturn
        ALLOW_SYSCALL(sigreturn),
 #endif
+        // Allowed by vDSO
+        ALLOW_SYSCALL(getcpu),
+        ALLOW_SYSCALL(time),
+        ALLOW_SYSCALL(gettimeofday),
+
        ALLOW_SYSCALL(exit_group),
        ALLOW_SYSCALL(exit),
        KILL_PROCESS,
--- a/ndhc/ndhc.c
+++ b/ndhc/ndhc.c
@ -134,6 +134,12 @@ static int enforce_seccomp(void)
        ALLOW_SYSCALL(connect),
        ALLOW_SYSCALL(getsockname),

+        // Allowed by vDSO
+        ALLOW_SYSCALL(getcpu),
+        ALLOW_SYSCALL(time),
+        ALLOW_SYSCALL(gettimeofday),
+        ALLOW_SYSCALL(clock_gettime),
+
        // These are for 'write_leasefile()'
        ALLOW_SYSCALL(ftruncate),
        ALLOW_SYSCALL(lseek),