kore

Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.
git clone https://git.kore.io/kore.git

commit ff5a3982cec8ab5eeabf487788663a2097fd2ea1
parent dad6cc7bfe1e922fc44308c96d9cb66d6b7aa78f
Author: Joris Vink <joris@sanctorum.se>
Date:   Tue, 28 Nov 2023 09:22:05 +0100

Add unlink and rename system calls to whitelist.

The keymgr uses these when handling entropy files.

Diffstat:
src/keymgr_openssl.c | 8 ++++++++
1 file changed, 8 insertions(+), 0 deletions(-)

diff --git a/src/keymgr_openssl.c b/src/keymgr_openssl.c @@ -85,6 +85,14 @@ static struct sock_filter filter_keymgr[] = { /* Deny these, but with EACCESS instead of dying. */ KORE_SYSCALL_DENY(ioctl, EACCES), + /* Entropy handling. */ +#if defined(SYS_unlink) + KORE_SYSCALL_ALLOW(unlink), +#endif +#if defined(SYS_rename) + KORE_SYSCALL_ALLOW(rename), +#endif + /* Required to deal with private keys and certs. */ #if defined(SYS_open) KORE_SYSCALL_ALLOW(open),
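
Review bot: In the new "Entropy handling" block, the `#if defined(SYS_unlink)` and `#if defined(SYS_rename)` guards compile to nothing on architectures that do not provide those legacy syscalls (aarch64, for example), where libc implements unlink() and rename() through unlinkat and renameat/renameat2. Unless those calls are already allowed elsewhere in filter_keymgr, the keymgr's entropy file handling would still be stopped by the filter on such targets. Consider adding guarded entries next to these, e.g. `#if defined(SYS_unlinkat)` with `KORE_SYSCALL_ALLOW(unlinkat)`, and the same for renameat and renameat2. It would also help to extend the comment to say which entropy file operations need the two calls, so the allowance can be re-checked if that code changes.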