commit 28ea1b3c7e604729b740fe95c206dd897940c09d
parent 7290944bf3ec88dae5bc977a03f578b440cf0853
Author: Frederic Cambus <fred@statdns.com>
Date: Thu, 17 Sep 2020 12:16:13 +0200
Add missing tests for SYS_mmap, fixes the build on arm.
Diffstat:
3 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/acme.c b/src/acme.c
@@ -84,7 +84,9 @@ static struct sock_filter filter_acme[] = {
KORE_SYSCALL_ALLOW(exit),
KORE_SYSCALL_ALLOW(brk),
+#if defined(SYS_mmap)
KORE_SYSCALL_ALLOW(mmap),
+#endif
KORE_SYSCALL_ALLOW(ioctl),
KORE_SYSCALL_ALLOW(uname),
KORE_SYSCALL_ALLOW(munmap),
diff --git a/src/keymgr.c b/src/keymgr.c
@@ -120,7 +120,9 @@ static struct sock_filter filter_keymgr[] = {
/* Other things. */
KORE_SYSCALL_ALLOW(brk),
+#if defined(SYS_mmap)
KORE_SYSCALL_ALLOW(mmap),
+#endif
KORE_SYSCALL_ALLOW(munmap),
KORE_SYSCALL_ALLOW(clock_gettime),
#if defined(__NR_getrandom)
diff --git a/src/seccomp.c b/src/seccomp.c
@@ -94,10 +94,14 @@ static struct sock_filter filter_kore[] = {
KORE_SYSCALL_ALLOW(munmap),
/* Deny mmap/mprotect calls with PROT_EXEC/PROT_WRITE protection. */
+#if defined(SYS_mmap)
KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
+#endif
KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
+#if defined(SYS_mmap)
KORE_SYSCALL_ALLOW(mmap),
+#endif
KORE_SYSCALL_ALLOW(madvise),
KORE_SYSCALL_ALLOW(mprotect),
