kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 54ca865c11cf1179f07a65577be75931c2987e6a
parent 68e90507f45ddb1ef7197f05e73c86c89c6b358d
Author: Joris Vink <joris@coders.se>
Date:   Wed, 25 Sep 2019 15:04:12 +0200

add a few more syscalls for keymgr.

different platforms may do different things

Diffstat:
src/keymgr.c | 5+++++
src/seccomp.c | 5++++-
2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/keymgr.c b/src/keymgr.c @@ -66,6 +66,7 @@ static struct sock_filter filter_keymgr[] = { KORE_SYSCALL_ALLOW(openat), /* Net related. */ + KORE_SYSCALL_ALLOW(poll), KORE_SYSCALL_ALLOW(read), KORE_SYSCALL_ALLOW(write), KORE_SYSCALL_ALLOW(epoll_wait), @@ -73,6 +74,7 @@ static struct sock_filter filter_keymgr[] = { /* Process things. */ KORE_SYSCALL_ALLOW(exit), KORE_SYSCALL_ALLOW(kill), + KORE_SYSCALL_ALLOW(getuid), KORE_SYSCALL_ALLOW(getpid), KORE_SYSCALL_ALLOW(arch_prctl), KORE_SYSCALL_ALLOW(exit_group), @@ -81,8 +83,11 @@ static struct sock_filter filter_keymgr[] = { KORE_SYSCALL_ALLOW(rt_sigaction), /* Other things. */ + KORE_SYSCALL_ALLOW(mmap), KORE_SYSCALL_ALLOW(munmap), +#if defined(__NR_getrandom) KORE_SYSCALL_ALLOW(getrandom), +#endif }; #endif diff --git a/src/seccomp.c b/src/seccomp.c @@ -76,11 +76,14 @@ static struct sock_filter filter_kore[] = { /* "Other" without clear category. */ KORE_SYSCALL_ALLOW(futex), - KORE_SYSCALL_ALLOW(getrandom), KORE_SYSCALL_ALLOW(sigaltstack), KORE_SYSCALL_ALLOW(rt_sigreturn), KORE_SYSCALL_ALLOW(rt_sigaction), KORE_SYSCALL_ALLOW(clock_gettime), + +#if defined(__NR_getrandom) + KORE_SYSCALL_ALLOW(getrandom), +#endif }; /* bpf program prologue. */