Add stat64() to keymgr seccomp whitelist.

Add unlink and rename system calls to whitelist.
The keymgr uses these when handling entropy files.
2023-11-28 09:23:08 +01:00 · 2023-11-28 09:22:05 +01:00
1 changed files with 11 additions and 0 deletions
--- a/src/keymgr_openssl.c
+++ b/src/keymgr_openssl.c
@ -85,6 +85,14 @@ static struct sock_filter filter_keymgr[] = {
 	/* Deny these, but with EACCESS instead of dying. */
 	KORE_SYSCALL_DENY(ioctl, EACCES),

+	/* Entropy handling. */
+#if defined(SYS_unlink)
+	KORE_SYSCALL_ALLOW(unlink),
+#endif
+#if defined(SYS_rename)
+	KORE_SYSCALL_ALLOW(rename),
+#endif
+
 	/* Required to deal with private keys and certs. */
 #if defined(SYS_open)
 	KORE_SYSCALL_ALLOW(open),
@ -97,6 +105,9 @@ static struct sock_filter filter_keymgr[] = {
 	KORE_SYSCALL_ALLOW(stat),
 #endif
 	KORE_SYSCALL_ALLOW(fstat),
+#if defined(SYS_stat64)
+	KORE_SYSCALL_ALLOW(stat64),
+#endif
 #if defined(SYS_fstat64)
 	KORE_SYSCALL_ALLOW(fstat64),
 #endif
Author	SHA1	Message	Date
Joris Vink	4df120704d	Add stat64() to keymgr seccomp whitelist.	2023-11-28 09:23:08 +01:00
Joris Vink	ff5a3982ce	Add unlink and rename system calls to whitelist. The keymgr uses these when handling entropy files.	2023-11-28 09:22:05 +01:00