commit e2dbda88b6501a4063892d795e700dc2667c5528
parent 208b0e868fa45d6ababed786d5745feaf93a45c2
Author: Joris Vink <joris@coders.se>
Date: Thu, 6 Apr 2023 10:16:06 +0200
More seccomp work.
Diffstat:
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/curl.c b/src/curl.c
@@ -30,6 +30,7 @@ static struct sock_filter filter_curl[] = {
KORE_SYSCALL_ALLOW(bind),
KORE_SYSCALL_ALLOW(ioctl),
KORE_SYSCALL_ALLOW(connect),
+ KORE_SYSCALL_ALLOW(socketpair),
KORE_SYSCALL_ALLOW(getsockopt),
KORE_SYSCALL_ALLOW(getsockname),
KORE_SYSCALL_ALLOW_ARG(socket, 0, AF_INET),
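Review bot: The added `KORE_SYSCALL_ALLOW(socketpair)` accepts any address family, while the `socket` entries just below it are pinned per domain with `KORE_SYSCALL_ALLOW_ARG`. If the caller only needs a local pair (presumably a wakeup pair for a libcurl resolver thread, which should be confirmed), `KORE_SYSCALL_ALLOW_ARG(socketpair, 0, AF_UNIX),` would keep the allowlist consistent and no wider than the need. A short comment naming the code path that calls it would also help later audits of this filter. The `filter_curl` array starts and ends outside this hunk.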
@@ -38,14 +39,14 @@ static struct sock_filter filter_curl[] = {
KORE_SYSCALL_ALLOW_ARG(socket, 0, AF_NETLINK),
/* Threading related. */
- KORE_SYSCALL_ALLOW(clone),
- KORE_SYSCALL_ALLOW(set_robust_list),
#if defined(SYS_clone3)
KORE_SYSCALL_ALLOW(clone3),
#endif
#if defined(SYS_rseq)
KORE_SYSCALL_ALLOW(rseq),
#endif
+ KORE_SYSCALL_ALLOW(clone),
+ KORE_SYSCALL_ALLOW(set_robust_list),
/* Other */
KORE_SYSCALL_ALLOW(uname),
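Review bot: `KORE_SYSCALL_ALLOW(clone)` is re-added with no argument check, so the block labelled "Threading related" also permits fork-style process creation from a curl-enabled worker, not only thread creation. `clone3` cannot be narrowed by flags at all, because its arguments live in a user-memory struct that a seccomp filter cannot read, so the broad grant remains wherever `SYS_clone3` is defined. If that is an accepted trade-off, the comment should say so, e.g. `/* Threading related; clone/clone3 are allowed with any flags. */`. The reorder itself looks cosmetic provided each macro expands to an independent allow rule, which cannot be confirmed from this hunk.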
@@ -56,6 +57,11 @@ static struct sock_filter filter_curl[] = {
KORE_SYSCALL_ALLOW(faccessat),
KORE_SYSCALL_ALLOW(newfstatat),
KORE_SYSCALL_ALLOW(getpeername),
+
+#if defined(SYS_getdents64)
+ KORE_SYSCALL_ALLOW(getdents64),
+#endif
+
};
#endif
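Review bot: The new `getdents64` entry lets the worker enumerate directories, and nothing in the hunk says which code path needs it. A one-line comment above the `#if`, such as `/* Directory listing; presumably the TLS backend scanning a CA directory - confirm. */`, would let a later reader judge whether the grant is still required. Recording the reason matters more in an allowlist than elsewhere, because entries that nobody can explain tend never to be removed. The `filter_curl` array begins outside this hunk.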