add more syscalls to seccomp whitelists.

2025-03-08 19:19:02 -05:00 · 2023-04-06 09:33:48 +02:00 · 2023-04-06 09:33:48 +02:00 · 208b0e868f
commit 208b0e868f
parent 4974a769d4
3 changed files with 18 additions and 0 deletions
--- a/src/acme.c
+++ b/src/acme.c
@ -112,6 +112,12 @@ static struct sock_filter filter_acme[] = {
 	KORE_SYSCALL_ALLOW(clone),
 	KORE_SYSCALL_ALLOW(membarrier),
 	KORE_SYSCALL_ALLOW(set_robust_list),
+#if defined(SYS_clone3)
+	KORE_SYSCALL_ALLOW(clone3),
+#endif
+#if defined(SYS_rseq)
+	KORE_SYSCALL_ALLOW(rseq),
+#endif
 };
 #endif

--- a/src/curl.c
+++ b/src/curl.c
@ -40,6 +40,12 @@ static struct sock_filter filter_curl[] = {
 	/* Threading related. */
 	KORE_SYSCALL_ALLOW(clone),
 	KORE_SYSCALL_ALLOW(set_robust_list),
+#if defined(SYS_clone3)
+	KORE_SYSCALL_ALLOW(clone3),
+#endif
+#if defined(SYS_rseq)
+	KORE_SYSCALL_ALLOW(rseq),
+#endif

 	/* Other */
 	KORE_SYSCALL_ALLOW(uname),
--- a/src/tasks.c
+++ b/src/tasks.c
@ -33,6 +33,12 @@ static struct sock_filter filter_task[] = {
 	KORE_SYSCALL_ALLOW(clone),
 	KORE_SYSCALL_ALLOW(socketpair),
 	KORE_SYSCALL_ALLOW(set_robust_list),
+#if defined(SYS_clone3)
+	KORE_SYSCALL_ALLOW(clone3),
+#endif
+#if defined(SYS_rseq)
+	KORE_SYSCALL_ALLOW(rseq),
+#endif
 };
 #endif