Fix the syscall whitelist to permit syscalls needed to properly log via

glibc syslog.
This commit is contained in:
Nicholas J. Kain 2013-05-08 08:10:57 -04:00
parent f8773742c9
commit 4c52accd62

View File

@ -118,13 +118,17 @@ static int enforce_seccomp(void)
ALLOW_SYSCALL(sendto), // used for glibc syslog routines ALLOW_SYSCALL(sendto), // used for glibc syslog routines
ALLOW_SYSCALL(epoll_wait), ALLOW_SYSCALL(epoll_wait),
ALLOW_SYSCALL(epoll_ctl), ALLOW_SYSCALL(epoll_ctl),
ALLOW_SYSCALL(clock_gettime),
ALLOW_SYSCALL(close), ALLOW_SYSCALL(close),
ALLOW_SYSCALL(socket),
ALLOW_SYSCALL(getsockopt),
ALLOW_SYSCALL(accept), ALLOW_SYSCALL(accept),
ALLOW_SYSCALL(listen), ALLOW_SYSCALL(socket),
ALLOW_SYSCALL(ioctl), ALLOW_SYSCALL(ioctl),
ALLOW_SYSCALL(getsockopt),
ALLOW_SYSCALL(getsockname),
ALLOW_SYSCALL(listen),
ALLOW_SYSCALL(open),
ALLOW_SYSCALL(fstat),
ALLOW_SYSCALL(connect),
ALLOW_SYSCALL(recvmsg),
ALLOW_SYSCALL(fsync), ALLOW_SYSCALL(fsync),
ALLOW_SYSCALL(lseek), ALLOW_SYSCALL(lseek),
ALLOW_SYSCALL(truncate), ALLOW_SYSCALL(truncate),
@ -141,6 +145,7 @@ static int enforce_seccomp(void)
ALLOW_SYSCALL(getcpu), ALLOW_SYSCALL(getcpu),
ALLOW_SYSCALL(time), ALLOW_SYSCALL(time),
ALLOW_SYSCALL(gettimeofday), ALLOW_SYSCALL(gettimeofday),
ALLOW_SYSCALL(clock_gettime),
ALLOW_SYSCALL(exit_group), ALLOW_SYSCALL(exit_group),
ALLOW_SYSCALL(exit), ALLOW_SYSCALL(exit),