1 files changed, 9 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 840c5232b..39dc289e3 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -168,6 +168,15 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_stat64
        SC_DENY(__NR_stat64, EACCES),
 #endif
+#ifdef __NR_shmget
+        SC_DENY(__NR_shmget, EACCES),
+#endif
+#ifdef __NR_shmat
+        SC_DENY(__NR_shmat, EACCES),
+#endif
+#ifdef __NR_shmdt
+        SC_DENY(__NR_shmdt, EACCES),
+#endif
        /* Syscalls to permit */
 #ifdef __NR_brk

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 840c5232b..39dc289e3 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c
@@ -168,6 +168,15 @@ static const struct sock_filter preauth_insns[] = {
168	#ifdef __NR_stat64	168	#ifdef __NR_stat64
169	SC_DENY(__NR_stat64, EACCES),	169	SC_DENY(__NR_stat64, EACCES),
170	#endif	170	#endif
		171	#ifdef __NR_shmget
		172	SC_DENY(__NR_shmget, EACCES),
		173	#endif
		174	#ifdef __NR_shmat
		175	SC_DENY(__NR_shmat, EACCES),
		176	#endif
		177	#ifdef __NR_shmdt
		178	SC_DENY(__NR_shmdt, EACCES),
		179	#endif
171		180
172	/* Syscalls to permit */	181	/* Syscalls to permit */
173	#ifdef __NR_brk	182	#ifdef __NR_brk