more seccomp adjustments in acme process

2019-11-05 13:20:03 +01:00 · 2019-11-05 13:20:03 +01:00 · f8524392e8
parent 1a0fb72923
commit f8524392e8
1 changed files with 4 additions and 0 deletions
--- a/src/acme.c
+++ b/src/acme.c
@ -54,10 +54,14 @@
 /* The syscalls our acme worker is allowed to perform, only. */
 static struct sock_filter filter_acme[] = {
 	/* Net related. */
+#if defined(SYS_poll)
 	KORE_SYSCALL_ALLOW(poll),
+#endif
 	KORE_SYSCALL_ALLOW(sendto),
 	KORE_SYSCALL_ALLOW(recvfrom),
+#if defined(SYS_epoll_wait)
 	KORE_SYSCALL_ALLOW(epoll_wait),
+#endif
 	KORE_SYSCALL_ALLOW(epoll_pwait),

 	/* Process things. */