note about getrandom with syscall whitelists
This commit is contained in:
parent
b40ba9754b
commit
64a1f59020
@ -666,6 +666,12 @@ System calls used by all build configurations:
|
|||||||
* `munmap`
|
* `munmap`
|
||||||
* `write(STDERR_FILENO, buf, len)` (before aborting due to memory corruption)
|
* `write(STDERR_FILENO, buf, len)` (before aborting due to memory corruption)
|
||||||
|
|
||||||
|
The main distinction from a typical malloc implementation is the use of
|
||||||
|
getrandom. A common compatibility issue is that existing system call whitelists
|
||||||
|
often omit getrandom partly due to older code using the legacy `/dev/urandom`
|
||||||
|
interface along with the overall lack of security features in mainstream libc
|
||||||
|
implementations.
|
||||||
|
|
||||||
Additional system calls when `CONFIG_SEAL_METADATA=true` is set:
|
Additional system calls when `CONFIG_SEAL_METADATA=true` is set:
|
||||||
|
|
||||||
* `pkey_alloc`
|
* `pkey_alloc`
|
||||||
|
Loading…
Reference in New Issue
Block a user