seccomp: more filtered syscalls

bol-van 2022-12-05 14:38:39 +03:00
parent 0770dee8d5
commit 2dc13abb5d
19 changed files with 40 additions and 2 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -50,6 +50,9 @@ SYS_fork,
#ifdef SYS_vfork #ifdef SYS_vfork
SYS_vfork, SYS_vfork,
#endif #endif
#ifdef SYS_uselib
SYS_uselib,
#endif
#ifdef SYS_unlink #ifdef SYS_unlink
SYS_unlink, SYS_unlink,
#endif #endif
@ -112,7 +115,23 @@ SYS_rename,
#ifdef SYS_renameat2 #ifdef SYS_renameat2
SYS_renameat2, SYS_renameat2,
#endif #endif
SYS_renameat SYS_renameat,
#ifdef SYS_process_vm_readv
SYS_process_vm_readv,
#endif
#ifdef SYS_process_vm_writev
SYS_process_vm_writev,
#endif
#ifdef SYS_process_vm_madvise
SYS_process_madvise,
#endif
#ifdef SYS_tkill
SYS_tkill,
#endif
#ifdef SYS_tgkill
SYS_tgkill,
#endif
SYS_kill, SYS_ptrace
}; };
#define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls)) #define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls))
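Review bot: The guard added for the process_madvise entry tests `SYS_process_vm_madvise`, which is not the macro used on the next line (`SYS_process_madvise`) and, as far as I know, is not defined by any libc or kernel header. The preprocessor therefore drops the entry silently and process_madvise never reaches `blocked_syscalls`, on any build. The guard should read `#ifdef SYS_process_madvise`. The second file section of this commit carries the same three lines and needs the same fix. Since a mistyped guard fails without any diagnostic, a comment above the array such as `/* every #ifdef must name the same SYS_ macro as the entry it wraps */` would help; the array starts outside this hunk.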


@ -50,6 +50,9 @@ SYS_fork,
#ifdef SYS_vfork #ifdef SYS_vfork
SYS_vfork, SYS_vfork,
#endif #endif
#ifdef SYS_uselib
SYS_uselib,
#endif
#ifdef SYS_unlink #ifdef SYS_unlink
SYS_unlink, SYS_unlink,
#endif #endif
@ -112,7 +115,23 @@ SYS_rename,
#ifdef SYS_renameat2 #ifdef SYS_renameat2
SYS_renameat2, SYS_renameat2,
#endif #endif
SYS_renameat SYS_renameat,
#ifdef SYS_process_vm_readv
SYS_process_vm_readv,
#endif
#ifdef SYS_process_vm_writev
SYS_process_vm_writev,
#endif
#ifdef SYS_process_vm_madvise
SYS_process_madvise,
#endif
#ifdef SYS_tkill
SYS_tkill,
#endif
#ifdef SYS_tgkill
SYS_tgkill,
#endif
SYS_kill, SYS_ptrace
}; };
#define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls)) #define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls))
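Review bot: The signal-sending entries added at the end of this hunk cover `tkill`, `tgkill` and `kill`, but not the other syscalls that deliver a signal to another process or thread: `rt_sigqueueinfo`, `rt_tgsigqueueinfo` and `pidfd_send_signal`. Unless they already appear in a part of `blocked_syscalls` outside the hunk, the denylist leaves them permitted. Each can be added in the same guarded form as the neighbouring entries, e.g. `#ifdef SYS_pidfd_send_signal` / `SYS_pidfd_send_signal,` / `#endif`. The same applies to the first file section's copy of the list.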