kore

Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit e2dbda88b6501a4063892d795e700dc2667c5528
parent 208b0e868fa45d6ababed786d5745feaf93a45c2
Author: Joris Vink <joris@coders.se>
Date:   Thu,  6 Apr 2023 10:16:06 +0200

More seccomp work.

Diffstat:
src/curl.c | 10++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/curl.c b/src/curl.c @@ -30,6 +30,7 @@ static struct sock_filter filter_curl[] = { KORE_SYSCALL_ALLOW(bind), KORE_SYSCALL_ALLOW(ioctl), KORE_SYSCALL_ALLOW(connect), + KORE_SYSCALL_ALLOW(socketpair), KORE_SYSCALL_ALLOW(getsockopt), KORE_SYSCALL_ALLOW(getsockname), KORE_SYSCALL_ALLOW_ARG(socket, 0, AF_INET), @@ -38,14 +39,14 @@ static struct sock_filter filter_curl[] = { KORE_SYSCALL_ALLOW_ARG(socket, 0, AF_NETLINK), /* Threading related. */ - KORE_SYSCALL_ALLOW(clone), - KORE_SYSCALL_ALLOW(set_robust_list), #if defined(SYS_clone3) KORE_SYSCALL_ALLOW(clone3), #endif #if defined(SYS_rseq) KORE_SYSCALL_ALLOW(rseq), #endif + KORE_SYSCALL_ALLOW(clone), + KORE_SYSCALL_ALLOW(set_robust_list), /* Other */ KORE_SYSCALL_ALLOW(uname), @@ -56,6 +57,11 @@ static struct sock_filter filter_curl[] = { KORE_SYSCALL_ALLOW(faccessat), KORE_SYSCALL_ALLOW(newfstatat), KORE_SYSCALL_ALLOW(getpeername), + +#if defined(SYS_getdents64) + KORE_SYSCALL_ALLOW(getdents64), +#endif + }; #endif