40 lines
1.0 KiB
Diff
40 lines
1.0 KiB
Diff
|
From 0d4f4f2b239c687c1f815b66084a8cceae6fa1d4 Mon Sep 17 00:00:00 2001
|
||
|
From: Jeffy Chen <jeffy.chen@rock-chips.com>
|
||
|
Date: Mon, 19 Sep 2022 17:49:57 +0800
|
||
|
Subject: [PATCH] HACK: seccomp: Allow new syscalls for old {arm, aarch64}
|
||
|
|
||
|
The new glibc would try new syscalls unconditionally.
|
||
|
|
||
|
Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
|
||
|
---
|
||
|
sandbox-seccomp-filter.c | 6 ++++++
|
||
|
1 file changed, 6 insertions(+)
|
||
|
|
||
|
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
|
||
|
index 4ce80cb..a449a80 100644
|
||
|
--- a/sandbox-seccomp-filter.c
|
||
|
+++ b/sandbox-seccomp-filter.c
|
||
|
@@ -186,6 +186,10 @@ static const struct sock_filter preauth_insns[] = {
|
||
|
#endif
|
||
|
#ifdef __NR_statx
|
||
|
SC_DENY(__NR_statx, EACCES),
|
||
|
+#elif defined __arm__
|
||
|
+ SC_DENY(397, ENOSYS),
|
||
|
+#elif defined __aarch64__
|
||
|
+ SC_DENY(291, ENOSYS),
|
||
|
#endif
|
||
|
|
||
|
/* Syscalls to permit */
|
||
|
@@ -197,6 +201,8 @@ static const struct sock_filter preauth_insns[] = {
|
||
|
#endif
|
||
|
#ifdef __NR_clock_gettime64
|
||
|
SC_ALLOW(__NR_clock_gettime64),
|
||
|
+#else
|
||
|
+ SC_DENY(403, ENOSYS),
|
||
|
#endif
|
||
|
#ifdef __NR_close
|
||
|
SC_ALLOW(__NR_close),
|
||
|
--
|
||
|
2.20.1
|
||
|
|