Add recvfrom to the seccomp syscall whitelist.
This commit is contained in:
parent
cab9162d8d
commit
650da6a7fd
@ -49,6 +49,7 @@ int enforce_seccomp_ndhc(void)
|
|||||||
#if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__))
|
#if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__))
|
||||||
ALLOW_SYSCALL(sendto), // used for glibc syslog routines
|
ALLOW_SYSCALL(sendto), // used for glibc syslog routines
|
||||||
ALLOW_SYSCALL(recvmsg),
|
ALLOW_SYSCALL(recvmsg),
|
||||||
|
ALLOW_SYSCALL(recvfrom),
|
||||||
ALLOW_SYSCALL(connect),
|
ALLOW_SYSCALL(connect),
|
||||||
#elif defined(__i386__)
|
#elif defined(__i386__)
|
||||||
ALLOW_SYSCALL(socketcall),
|
ALLOW_SYSCALL(socketcall),
|
||||||
@ -119,6 +120,7 @@ int enforce_seccomp_ifch(void)
|
|||||||
#if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__))
|
#if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__))
|
||||||
ALLOW_SYSCALL(sendto), // used for glibc syslog routines
|
ALLOW_SYSCALL(sendto), // used for glibc syslog routines
|
||||||
ALLOW_SYSCALL(recvmsg),
|
ALLOW_SYSCALL(recvmsg),
|
||||||
|
ALLOW_SYSCALL(recvfrom),
|
||||||
ALLOW_SYSCALL(socket),
|
ALLOW_SYSCALL(socket),
|
||||||
#elif defined(__i386__)
|
#elif defined(__i386__)
|
||||||
ALLOW_SYSCALL(socketcall),
|
ALLOW_SYSCALL(socketcall),
|
||||||
@ -176,6 +178,7 @@ int enforce_seccomp_sockd(void)
|
|||||||
#if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__))
|
#if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__))
|
||||||
ALLOW_SYSCALL(sendto), // used for glibc syslog routines
|
ALLOW_SYSCALL(sendto), // used for glibc syslog routines
|
||||||
ALLOW_SYSCALL(recvmsg),
|
ALLOW_SYSCALL(recvmsg),
|
||||||
|
ALLOW_SYSCALL(recvfrom),
|
||||||
ALLOW_SYSCALL(socket),
|
ALLOW_SYSCALL(socket),
|
||||||
ALLOW_SYSCALL(setsockopt),
|
ALLOW_SYSCALL(setsockopt),
|
||||||
ALLOW_SYSCALL(bind),
|
ALLOW_SYSCALL(bind),
|
||||||
|
Loading…
Reference in New Issue
Block a user