summaryrefslogtreecommitdiff
path: root/sandbox-seccomp-filter.c
diff options
context:
space:
mode:
Diffstat (limited to 'sandbox-seccomp-filter.c')
-rw-r--r--sandbox-seccomp-filter.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index ef2b13c4f..e12418399 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -44,6 +44,7 @@
44#include <linux/audit.h> 44#include <linux/audit.h>
45#include <linux/filter.h> 45#include <linux/filter.h>
46#include <linux/seccomp.h> 46#include <linux/seccomp.h>
47#include <elf.h>
47 48
48#include <asm/unistd.h> 49#include <asm/unistd.h>
49 50
@@ -90,7 +91,9 @@ static const struct sock_filter preauth_insns[] = {
90 SC_DENY(open, EACCES), 91 SC_DENY(open, EACCES),
91 SC_ALLOW(getpid), 92 SC_ALLOW(getpid),
92 SC_ALLOW(gettimeofday), 93 SC_ALLOW(gettimeofday),
94#ifdef __NR_time /* not defined on EABI ARM */
93 SC_ALLOW(time), 95 SC_ALLOW(time),
96#endif
94 SC_ALLOW(read), 97 SC_ALLOW(read),
95 SC_ALLOW(write), 98 SC_ALLOW(write),
96 SC_ALLOW(close), 99 SC_ALLOW(close),
@@ -102,7 +105,12 @@ static const struct sock_filter preauth_insns[] = {
102 SC_ALLOW(select), 105 SC_ALLOW(select),
103#endif 106#endif
104 SC_ALLOW(madvise), 107 SC_ALLOW(madvise),
108#ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
109 SC_ALLOW(mmap2),
110#endif
111#ifdef __NR_mmap
105 SC_ALLOW(mmap), 112 SC_ALLOW(mmap),
113#endif
106 SC_ALLOW(munmap), 114 SC_ALLOW(munmap),
107 SC_ALLOW(exit_group), 115 SC_ALLOW(exit_group),
108#ifdef __NR_rt_sigprocmask 116#ifdef __NR_rt_sigprocmask
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 08:30:04 +0000