Permit sendmsg in the seccomp syscall whitelist for all daemons.

Nicholas J. Kain 2014-04-15 14:57:07 -04:00
parent b5f0ccd88d
commit e5834da6d3


@ -49,6 +49,7 @@ int enforce_seccomp_ndhc(void)
#if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__)) #if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__))
ALLOW_SYSCALL(sendto), // used for glibc syslog routines ALLOW_SYSCALL(sendto), // used for glibc syslog routines
ALLOW_SYSCALL(recvmsg), ALLOW_SYSCALL(recvmsg),
ALLOW_SYSCALL(sendmsg),
ALLOW_SYSCALL(recvfrom), ALLOW_SYSCALL(recvfrom),
ALLOW_SYSCALL(connect), ALLOW_SYSCALL(connect),
#elif defined(__i386__) #elif defined(__i386__)
@ -120,6 +121,7 @@ int enforce_seccomp_ifch(void)
#if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__)) #if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__))
ALLOW_SYSCALL(sendto), // used for glibc syslog routines ALLOW_SYSCALL(sendto), // used for glibc syslog routines
ALLOW_SYSCALL(recvmsg), ALLOW_SYSCALL(recvmsg),
ALLOW_SYSCALL(sendmsg),
ALLOW_SYSCALL(recvfrom), ALLOW_SYSCALL(recvfrom),
ALLOW_SYSCALL(socket), ALLOW_SYSCALL(socket),
#elif defined(__i386__) #elif defined(__i386__)
@ -178,6 +180,7 @@ int enforce_seccomp_sockd(void)
#if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__)) #if defined(__x86_64__) || (defined(__arm__) && defined(__ARM_EABI__))
ALLOW_SYSCALL(sendto), // used for glibc syslog routines ALLOW_SYSCALL(sendto), // used for glibc syslog routines
ALLOW_SYSCALL(recvmsg), ALLOW_SYSCALL(recvmsg),
ALLOW_SYSCALL(sendmsg),
ALLOW_SYSCALL(recvfrom), ALLOW_SYSCALL(recvfrom),
ALLOW_SYSCALL(socket), ALLOW_SYSCALL(socket),
ALLOW_SYSCALL(setsockopt), ALLOW_SYSCALL(setsockopt),
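Review bot: The new `ALLOW_SYSCALL(sendmsg),` entries carry no justification, unlike the `sendto` line above them that records its syslog use, and they are added to all three filters (enforce_seccomp_ndhc, enforce_seccomp_ifch, enforce_seccomp_sockd) without showing that each daemon actually calls sendmsg. Every entry in a seccomp allowlist widens what a compromised process can still do, and sendmsg additionally permits ancillary data such as SCM_RIGHTS descriptor passing, so it is worth granting only to the daemons that need it and recording the reason, e.g. `ALLOW_SYSCALL(sendmsg), // <call path that requires sendmsg>`. The `#elif defined(__i386__)` branches visible as context are unchanged; presumably socket calls there are covered by a socketcall entry, but that should be confirmed so the architectures stay consistent. All three function bodies start and end outside the hunks shown.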