forked from mirrors/kore
more seccomp adjustments in acme process
This commit is contained in:
parent
1a0fb72923
commit
f8524392e8
|
@ -54,10 +54,14 @@
|
||||||
/* The syscalls our acme worker is allowed to perform, only. */
|
/* The syscalls our acme worker is allowed to perform, only. */
|
||||||
static struct sock_filter filter_acme[] = {
|
static struct sock_filter filter_acme[] = {
|
||||||
/* Net related. */
|
/* Net related. */
|
||||||
|
#if defined(SYS_poll)
|
||||||
KORE_SYSCALL_ALLOW(poll),
|
KORE_SYSCALL_ALLOW(poll),
|
||||||
|
#endif
|
||||||
KORE_SYSCALL_ALLOW(sendto),
|
KORE_SYSCALL_ALLOW(sendto),
|
||||||
KORE_SYSCALL_ALLOW(recvfrom),
|
KORE_SYSCALL_ALLOW(recvfrom),
|
||||||
|
#if defined(SYS_epoll_wait)
|
||||||
KORE_SYSCALL_ALLOW(epoll_wait),
|
KORE_SYSCALL_ALLOW(epoll_wait),
|
||||||
|
#endif
|
||||||
KORE_SYSCALL_ALLOW(epoll_pwait),
|
KORE_SYSCALL_ALLOW(epoll_pwait),
|
||||||
|
|
||||||
/* Process things. */
|
/* Process things. */
|
||||||
|
|
Loading…
Reference in New Issue