kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 28ea1b3c7e604729b740fe95c206dd897940c09d
parent 7290944bf3ec88dae5bc977a03f578b440cf0853
Author: Frederic Cambus <fred@statdns.com>
Date:   Thu, 17 Sep 2020 12:16:13 +0200

Add missing tests for SYS_mmap, fixes the build on arm.

Diffstat:
src/acme.c | 2++
src/keymgr.c | 2++
src/seccomp.c | 4++++
3 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/src/acme.c b/src/acme.c @@ -84,7 +84,9 @@ static struct sock_filter filter_acme[] = { KORE_SYSCALL_ALLOW(exit), KORE_SYSCALL_ALLOW(brk), +#if defined(SYS_mmap) KORE_SYSCALL_ALLOW(mmap), +#endif KORE_SYSCALL_ALLOW(ioctl), KORE_SYSCALL_ALLOW(uname), KORE_SYSCALL_ALLOW(munmap), diff --git a/src/keymgr.c b/src/keymgr.c @@ -120,7 +120,9 @@ static struct sock_filter filter_keymgr[] = { /* Other things. */ KORE_SYSCALL_ALLOW(brk), +#if defined(SYS_mmap) KORE_SYSCALL_ALLOW(mmap), +#endif KORE_SYSCALL_ALLOW(munmap), KORE_SYSCALL_ALLOW(clock_gettime), #if defined(__NR_getrandom) diff --git a/src/seccomp.c b/src/seccomp.c @@ -94,10 +94,14 @@ static struct sock_filter filter_kore[] = { KORE_SYSCALL_ALLOW(munmap), /* Deny mmap/mprotect calls with PROT_EXEC/PROT_WRITE protection. */ +#if defined(SYS_mmap) KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL), +#endif KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL), +#if defined(SYS_mmap) KORE_SYSCALL_ALLOW(mmap), +#endif KORE_SYSCALL_ALLOW(madvise), KORE_SYSCALL_ALLOW(mprotect),