add a few more syscalls for keymgr.

different platforms may do different things
2019-09-25 15:04:12 +02:00 · 2019-09-25 15:04:12 +02:00 · 54ca865c11
parent 68e90507f4
commit 54ca865c11
2 changed files with 9 additions and 1 deletions
--- a/src/keymgr.c
+++ b/src/keymgr.c
@ -66,6 +66,7 @@ static struct sock_filter filter_keymgr[] = {
 	KORE_SYSCALL_ALLOW(openat),

 	/* Net related. */
+	KORE_SYSCALL_ALLOW(poll),
 	KORE_SYSCALL_ALLOW(read),
 	KORE_SYSCALL_ALLOW(write),
 	KORE_SYSCALL_ALLOW(epoll_wait),
@ -73,6 +74,7 @@ static struct sock_filter filter_keymgr[] = {
 	/* Process things. */
 	KORE_SYSCALL_ALLOW(exit),
 	KORE_SYSCALL_ALLOW(kill),
+	KORE_SYSCALL_ALLOW(getuid),
 	KORE_SYSCALL_ALLOW(getpid),
 	KORE_SYSCALL_ALLOW(arch_prctl),
 	KORE_SYSCALL_ALLOW(exit_group),
@ -81,8 +83,11 @@ static struct sock_filter filter_keymgr[] = {
 	KORE_SYSCALL_ALLOW(rt_sigaction),

 	/* Other things. */
+	KORE_SYSCALL_ALLOW(mmap),
 	KORE_SYSCALL_ALLOW(munmap),
+#if defined(__NR_getrandom)
 	KORE_SYSCALL_ALLOW(getrandom),
+#endif
 };
 #endif

--- a/src/seccomp.c
+++ b/src/seccomp.c
@ -76,11 +76,14 @@ static struct sock_filter filter_kore[] = {

 	/* "Other" without clear category. */
 	KORE_SYSCALL_ALLOW(futex),
-	KORE_SYSCALL_ALLOW(getrandom),
 	KORE_SYSCALL_ALLOW(sigaltstack),
 	KORE_SYSCALL_ALLOW(rt_sigreturn),
 	KORE_SYSCALL_ALLOW(rt_sigaction),
 	KORE_SYSCALL_ALLOW(clock_gettime),
+
+#if defined(__NR_getrandom)
+	KORE_SYSCALL_ALLOW(getrandom),
+#endif
 };

 /* bpf program prologue. */