Fix the syscall whitelist to permit syscalls needed to properly log via
glibc syslog.
This commit is contained in:
parent
f8773742c9
commit
4c52accd62
@ -118,13 +118,17 @@ static int enforce_seccomp(void)
|
|||||||
ALLOW_SYSCALL(sendto), // used for glibc syslog routines
|
ALLOW_SYSCALL(sendto), // used for glibc syslog routines
|
||||||
ALLOW_SYSCALL(epoll_wait),
|
ALLOW_SYSCALL(epoll_wait),
|
||||||
ALLOW_SYSCALL(epoll_ctl),
|
ALLOW_SYSCALL(epoll_ctl),
|
||||||
ALLOW_SYSCALL(clock_gettime),
|
|
||||||
ALLOW_SYSCALL(close),
|
ALLOW_SYSCALL(close),
|
||||||
ALLOW_SYSCALL(socket),
|
|
||||||
ALLOW_SYSCALL(getsockopt),
|
|
||||||
ALLOW_SYSCALL(accept),
|
ALLOW_SYSCALL(accept),
|
||||||
ALLOW_SYSCALL(listen),
|
ALLOW_SYSCALL(socket),
|
||||||
ALLOW_SYSCALL(ioctl),
|
ALLOW_SYSCALL(ioctl),
|
||||||
|
ALLOW_SYSCALL(getsockopt),
|
||||||
|
ALLOW_SYSCALL(getsockname),
|
||||||
|
ALLOW_SYSCALL(listen),
|
||||||
|
ALLOW_SYSCALL(open),
|
||||||
|
ALLOW_SYSCALL(fstat),
|
||||||
|
ALLOW_SYSCALL(connect),
|
||||||
|
ALLOW_SYSCALL(recvmsg),
|
||||||
ALLOW_SYSCALL(fsync),
|
ALLOW_SYSCALL(fsync),
|
||||||
ALLOW_SYSCALL(lseek),
|
ALLOW_SYSCALL(lseek),
|
||||||
ALLOW_SYSCALL(truncate),
|
ALLOW_SYSCALL(truncate),
|
||||||
@ -141,6 +145,7 @@ static int enforce_seccomp(void)
|
|||||||
ALLOW_SYSCALL(getcpu),
|
ALLOW_SYSCALL(getcpu),
|
||||||
ALLOW_SYSCALL(time),
|
ALLOW_SYSCALL(time),
|
||||||
ALLOW_SYSCALL(gettimeofday),
|
ALLOW_SYSCALL(gettimeofday),
|
||||||
|
ALLOW_SYSCALL(clock_gettime),
|
||||||
|
|
||||||
ALLOW_SYSCALL(exit_group),
|
ALLOW_SYSCALL(exit_group),
|
||||||
ALLOW_SYSCALL(exit),
|
ALLOW_SYSCALL(exit),
|
||||||
|
Loading…
Reference in New Issue
Block a user