Diffstat (limited to 'sandbox-seccomp-filter.c')
-rw-r--r-- | sandbox-seccomp-filter.c | 15 |
1 files changed, 15 insertions, 0 deletions
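--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -177,6 +177,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_shmdt
 SC_DENY(__NR_shmdt, EACCES),
 #endif
+#ifdef __NR_ipc
+SC_DENY(__NR_ipc, EACCES),
+#endif
 
 /* Syscalls to permit */
 #ifdef __NR_brk
@@ -185,6 +188,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_clock_gettime
 SC_ALLOW(__NR_clock_gettime),
 #endif
+#ifdef __NR_clock_gettime64
+SC_ALLOW(__NR_clock_gettime64),
+#endif
 #ifdef __NR_close
 SC_ALLOW(__NR_close),
 #endif
@@ -242,6 +248,15 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_nanosleep
 SC_ALLOW(__NR_nanosleep),
 #endif
+#ifdef __NR_clock_nanosleep
+SC_ALLOW(__NR_clock_nanosleep),
+#endif
+#ifdef __NR_clock_nanosleep_time64
+SC_ALLOW(__NR_clock_nanosleep_time64),
+#endif
+#ifdef __NR_clock_gettime64
+SC_ALLOW(__NR_clock_gettime64),
+#endif
 #ifdef __NR__newselect
 SC_ALLOW(__NR__newselect),
 #endif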
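Review bot: `__NR_clock_gettime64` is allowed twice: the second hunk adds it beside `__NR_clock_gettime`, and the third hunk adds the same `#ifdef __NR_clock_gettime64` / `SC_ALLOW(__NR_clock_gettime64),` / `#endif` triple again after `__NR_clock_nanosleep_time64`. The repeat does not widen the policy, but a duplicate in a syscall allowlist makes it harder to audit what the pre-auth sandbox permits, and the second entry presumably can never match; I would drop the copy in the third hunk. The new entries also carry no comment saying why they are needed; if the reason is 32-bit libc builds using the 64-bit time_t syscalls, a line such as `/* time64 variants issued by 32-bit libc */` above them would record it. `preauth_insns[]` starts and ends outside these hunks, so the rest of the list could not be checked for other duplicates.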