MrBesen
/
FontBot
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added set/get robust list to seccomp

This commit is contained in:
mrbesen 2021-10-04 17:51:54 +02:00
parent 4baff22dfa
commit 6f1304d559
Signed by: MrBesen
GPG Key ID: 596B2350DCD67504
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main.cpp
View File

@ -80,6 +80,8 @@ static bool enableSecurity() {
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(restart_syscall), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(futex), 0);
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(socketpair), 0); // what?
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(set_robust_list), 1, SCMP_A0(SCMP_CMP_EQ, 0));
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(get_robust_list), 1, SCMP_A0(SCMP_CMP_EQ, 0));
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(clone), 0); // curl wants to spawn threads
seccomp_rule_add(scmp, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);