commit 54ca865c11cf1179f07a65577be75931c2987e6a
parent 68e90507f45ddb1ef7197f05e73c86c89c6b358d
Author: Joris Vink <joris@coders.se>
Date: Wed, 25 Sep 2019 15:04:12 +0200
add a few more syscalls for keymgr.
different platforms may do different things
Diffstat:
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/keymgr.c b/src/keymgr.c
@@ -66,6 +66,7 @@ static struct sock_filter filter_keymgr[] = {
KORE_SYSCALL_ALLOW(openat),
/* Net related. */
+ KORE_SYSCALL_ALLOW(poll),
KORE_SYSCALL_ALLOW(read),
KORE_SYSCALL_ALLOW(write),
KORE_SYSCALL_ALLOW(epoll_wait),
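Review bot: The new `poll` entry here, like `getuid` in the next hunk, is added without recording which platform or library call made it necessary, so a later reader cannot tell whether it can be pruned from the keymgr allowlist again. The commit message only says that platforms differ. I would add a short comment beside each entry, for example `/* poll: needed on <platform/libc>, reached via <code path> */`, with the placeholders filled in from the trace that prompted the change. The `filter_keymgr` array starts and ends outside this hunk.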
@@ -73,6 +74,7 @@ static struct sock_filter filter_keymgr[] = {
/* Process things. */
KORE_SYSCALL_ALLOW(exit),
KORE_SYSCALL_ALLOW(kill),
+ KORE_SYSCALL_ALLOW(getuid),
KORE_SYSCALL_ALLOW(getpid),
KORE_SYSCALL_ALLOW(arch_prctl),
KORE_SYSCALL_ALLOW(exit_group),
@@ -81,8 +83,11 @@ static struct sock_filter filter_keymgr[] = {
KORE_SYSCALL_ALLOW(rt_sigaction),
/* Other things. */
+ KORE_SYSCALL_ALLOW(mmap),
KORE_SYSCALL_ALLOW(munmap),
+#if defined(__NR_getrandom)
KORE_SYSCALL_ALLOW(getrandom),
+#endif
};
#endif
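Review bot: `KORE_SYSCALL_ALLOW(mmap)` under "Other things" appears to admit every mmap call regardless of its arguments, judging by how the macro is used here, and that would include mappings requested with PROT_EXEC. If the affected platform only needs anonymous read/write mappings for its allocator, consider restricting the rule on the prot argument, provided the filter macros support argument matching, which this diff does not show. Failing that, record why the entry is unrestricted, e.g. `/* mmap: allocator on <platform>; prot is not filtered */`.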
diff --git a/src/seccomp.c b/src/seccomp.c
@@ -76,11 +76,14 @@ static struct sock_filter filter_kore[] = {
/* "Other" without clear category. */
KORE_SYSCALL_ALLOW(futex),
- KORE_SYSCALL_ALLOW(getrandom),
KORE_SYSCALL_ALLOW(sigaltstack),
KORE_SYSCALL_ALLOW(rt_sigreturn),
KORE_SYSCALL_ALLOW(rt_sigaction),
KORE_SYSCALL_ALLOW(clock_gettime),
+
+#if defined(__NR_getrandom)
+ KORE_SYSCALL_ALLOW(getrandom),
+#endif
};
/* bpf program prologue. */
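Review bot: The `#if defined(__NR_getrandom)` guard, here and in the last keymgr.c hunk, decides from the build machine's kernel headers whether getrandom is allowed, while the call itself is issued at run time by whichever libc or crypto library is loaded. A binary built against older headers and run with a newer library could therefore hit a filtered getrandom. What happens then depends on the filter's default action, which is not visible in this diff. A comment stating the assumption would help, e.g. `/* only present with newer kernel headers; without it the RNG is expected to use another source */`, worded to match the fallback the project actually relies on.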