commit a9dbcf88b38b85e35507c7ff53609608b6eab160
parent e9004146b9949e2113ff68f6e379fd56069fc382
Author: Frederic Cambus <fred@statdns.com>
Date: Sat, 26 Oct 2019 21:49:22 +0200
Allow the openat, read, and write syscalls, they are used on glibc systems.
Diffstat:
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/seccomp.h b/src/seccomp.h
@@ -36,14 +36,15 @@ static struct sock_filter filter[] = {
ANSILOVE_SYSCALL_ALLOW(lseek),
#if defined(SYS_open)
ANSILOVE_SYSCALL_ALLOW(open),
-#else
- ANSILOVE_SYSCALL_ALLOW(openat),
#endif
+ ANSILOVE_SYSCALL_ALLOW(openat),
ANSILOVE_SYSCALL_ALLOW(madvise),
ANSILOVE_SYSCALL_ALLOW(mmap),
ANSILOVE_SYSCALL_ALLOW(mremap),
ANSILOVE_SYSCALL_ALLOW(munmap),
+ ANSILOVE_SYSCALL_ALLOW(read),
ANSILOVE_SYSCALL_ALLOW(readv),
+ ANSILOVE_SYSCALL_ALLOW(write),
ANSILOVE_SYSCALL_ALLOW(writev),
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
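Review bot: The three added entries, `openat` after the `#endif` and `read`/`write` beside `readv`/`writev`, carry no comment saying why they are needed, and the reason (glibc, per the commit message) is not obvious from the list itself. Because the filter falls through to `SECCOMP_RET_KILL`, every entry is a deliberate widening of the sandbox, so I would record it next to the code, e.g. `/* glibc issues openat for open() even where SYS_open is defined */` above `openat` and `/* glibc uses plain read/write in addition to readv/writev */` above `read`. If `ANSILOVE_SYSCALL_ALLOW` matches on the syscall number alone (its definition is outside this hunk), `openat` is permitted for any path and flags, which is worth stating in the same comment so nobody assumes path confinement. The `filter[]` initializer starts and ends outside the hunk.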