mirror of https://git.kore.io/kore.git
More seccomp work.
This commit is contained in:
parent
208b0e868f
commit
e2dbda88b6
10
src/curl.c
10
src/curl.c
|
@ -30,6 +30,7 @@ static struct sock_filter filter_curl[] = {
|
|||
KORE_SYSCALL_ALLOW(bind),
|
||||
KORE_SYSCALL_ALLOW(ioctl),
|
||||
KORE_SYSCALL_ALLOW(connect),
|
||||
KORE_SYSCALL_ALLOW(socketpair),
|
||||
KORE_SYSCALL_ALLOW(getsockopt),
|
||||
KORE_SYSCALL_ALLOW(getsockname),
|
||||
KORE_SYSCALL_ALLOW_ARG(socket, 0, AF_INET),
|
||||
|
@ -38,14 +39,14 @@ static struct sock_filter filter_curl[] = {
|
|||
KORE_SYSCALL_ALLOW_ARG(socket, 0, AF_NETLINK),
|
||||
|
||||
/* Threading related. */
|
||||
KORE_SYSCALL_ALLOW(clone),
|
||||
KORE_SYSCALL_ALLOW(set_robust_list),
|
||||
#if defined(SYS_clone3)
|
||||
KORE_SYSCALL_ALLOW(clone3),
|
||||
#endif
|
||||
#if defined(SYS_rseq)
|
||||
KORE_SYSCALL_ALLOW(rseq),
|
||||
#endif
|
||||
KORE_SYSCALL_ALLOW(clone),
|
||||
KORE_SYSCALL_ALLOW(set_robust_list),
|
||||
|
||||
/* Other */
|
||||
KORE_SYSCALL_ALLOW(uname),
|
||||
|
@ -56,6 +57,11 @@ static struct sock_filter filter_curl[] = {
|
|||
KORE_SYSCALL_ALLOW(faccessat),
|
||||
KORE_SYSCALL_ALLOW(newfstatat),
|
||||
KORE_SYSCALL_ALLOW(getpeername),
|
||||
|
||||
#if defined(SYS_getdents64)
|
||||
KORE_SYSCALL_ALLOW(getdents64),
|
||||
#endif
|
||||
|
||||
};
|
||||
#endif
|
||||
|
||||
|
|
Loading…
Reference in New Issue