MrBesen
/
FontBot
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added syscalls

This commit is contained in:
mrbesen 2021-10-17 14:43:21 +02:00
parent 6f1304d559
commit 2bd9ccbc99
Signed by: MrBesen
GPG Key ID: 596B2350DCD67504
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/main.cpp
View File

@ -79,9 +79,14 @@ static bool enableSecurity() {
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(restart_syscall), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(futex), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(connect), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(socketpair), 0); // what?
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(set_robust_list), 1, SCMP_A0(SCMP_CMP_EQ, 0));
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(get_robust_list), 1, SCMP_A0(SCMP_CMP_EQ, 0));
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(set_robust_list), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(get_robust_list), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(uname), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(clone), 0); // curl wants to spawn threads
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);