kore

Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.

commit 208b0e868fa45d6ababed786d5745feaf93a45c2
parent 4974a769d4864b0ba2e937c12924db6cb4312285
Author: Joris Vink <joris@coders.se>
Date:   Thu,  6 Apr 2023 09:33:48 +0200

add more syscalls to seccomp whitelists.

Diffstat:
src/acme.c | 6++++++
src/curl.c | 6++++++
src/tasks.c | 6++++++
3 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/src/acme.c b/src/acme.c
@@ -112,6 +112,12 @@ static struct sock_filter filter_acme[] = {
 KORE_SYSCALL_ALLOW(clone),
 KORE_SYSCALL_ALLOW(membarrier),
 KORE_SYSCALL_ALLOW(set_robust_list),
+#if defined(SYS_clone3)
+ KORE_SYSCALL_ALLOW(clone3),
+#endif
+#if defined(SYS_rseq)
+ KORE_SYSCALL_ALLOW(rseq),
+#endif
 };
 #endif
diff --git a/src/curl.c b/src/curl.c
@@ -40,6 +40,12 @@ static struct sock_filter filter_curl[] = {
 /* Threading related. */
 KORE_SYSCALL_ALLOW(clone),
 KORE_SYSCALL_ALLOW(set_robust_list),
+#if defined(SYS_clone3)
+ KORE_SYSCALL_ALLOW(clone3),
+#endif
+#if defined(SYS_rseq)
+ KORE_SYSCALL_ALLOW(rseq),
+#endif
 /* Other */
 KORE_SYSCALL_ALLOW(uname),
diff --git a/src/tasks.c b/src/tasks.c
@@ -33,6 +33,12 @@ static struct sock_filter filter_task[] = {
 KORE_SYSCALL_ALLOW(clone),
 KORE_SYSCALL_ALLOW(socketpair),
 KORE_SYSCALL_ALLOW(set_robust_list),
+#if defined(SYS_clone3)
+ KORE_SYSCALL_ALLOW(clone3),
+#endif
+#if defined(SYS_rseq)
+ KORE_SYSCALL_ALLOW(rseq),
+#endif
 };
 #endif
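Review bot: The new `KORE_SYSCALL_ALLOW(clone3)` entry in filter_acme, repeated in filter_curl and filter_task, allows clone3 with no argument check. Unlike clone, clone3 takes its flags in a user-space struct that a seccomp BPF filter cannot read, so the entry can never be narrowed by flag later. Plain `clone` is already allowed unfiltered in all three lists, so this does not appear to widen the sandbox today, but the reason for the entry should be recorded next to it, e.g. `/* newer glibc uses clone3 for thread creation; its flags live in a struct and cannot be filtered here. */`. If clone is ever restricted by flag, clone3 would need to return ENOSYS instead, so that libc falls back to clone. The filter arrays begin and end outside these hunks, so the remaining entries were not reviewed.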