emo/ndhc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Whitelist syscalls provided by vDSO.

Browse Source
This commit is contained in:
Nicholas J. Kain 2012-07-22 09:49:51 -04:00
parent 7d5b6ddc7e
commit 483ca6752d
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ifchd/ifchd.c
View File

@ -153,6 +153,11 @@ static int enforce_seccomp(void)
#ifdef __NR_sigreturn #ifdef __NR_sigreturn
ALLOW_SYSCALL(sigreturn), ALLOW_SYSCALL(sigreturn),
#endif #endif
// Allowed by vDSO
ALLOW_SYSCALL(getcpu),
ALLOW_SYSCALL(time),
ALLOW_SYSCALL(gettimeofday),
ALLOW_SYSCALL(exit_group), ALLOW_SYSCALL(exit_group),
ALLOW_SYSCALL(exit), ALLOW_SYSCALL(exit),
KILL_PROCESS, KILL_PROCESS,

6
ndhc/ndhc.c
View File

@ -134,6 +134,12 @@ static int enforce_seccomp(void)
ALLOW_SYSCALL(connect), ALLOW_SYSCALL(connect),
ALLOW_SYSCALL(getsockname), ALLOW_SYSCALL(getsockname),
// Allowed by vDSO
ALLOW_SYSCALL(getcpu),
ALLOW_SYSCALL(time),
ALLOW_SYSCALL(gettimeofday),
ALLOW_SYSCALL(clock_gettime),
// These are for 'write_leasefile()' // These are for 'write_leasefile()'
ALLOW_SYSCALL(ftruncate), ALLOW_SYSCALL(ftruncate),
ALLOW_SYSCALL(lseek), ALLOW_SYSCALL(lseek),