seccomp: Adjust list of allowed syscalls for armv6l, armv7l

It looks like glibc commonly implements clock_gettime(2) with
clock_gettime64(), and uses recv() instead of recvfrom(), send()
instead of sendto(), and sigreturn() instead of rt_sigreturn() on
armv6l and armv7l.

Adjust the list of system calls for armv6l and armv7l accordingly.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Stefano Brivio 2022-02-26 23:39:19 +01:00
parent a095fbc457
commit 6d661dc5b2
3 changed files with 9 additions and 5 deletions


@ -297,9 +297,11 @@ void exit_handler(int signal)
* *
* #syscalls read write writev * #syscalls read write writev
* #syscalls socket bind connect getsockopt setsockopt s390x:socketcall close * #syscalls socket bind connect getsockopt setsockopt s390x:socketcall close
* #syscalls recvfrom sendto shutdown ppc64le:recv ppc64le:send * #syscalls recvfrom sendto shutdown
* #syscalls accept4|accept listen * #syscalls armv6l:recv armv7l:recv ppc64le:recv
* #syscalls epoll_ctl epoll_wait|epoll_pwait epoll_pwait clock_gettime * #syscalls armv6l:send armv7l:send ppc64le:send
* #syscalls accept4|accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait
* #syscalls clock_gettime armv6l:clock_gettime64 armv7l:clock_gettime64
*/ */
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
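Review bot: The new `armv6l:`/`armv7l:` entries for recv, send and clock_gettime64 in this `#syscalls` block have no in-source rationale, and the commit description itself only says "it looks like" glibc uses them on these targets. These lines define the seccomp allow-list, so I would add one plain comment line above them, e.g. `* armv6l, armv7l: glibc observed issuing recv/send and clock_gettime64 instead of recvfrom/sendto and clock_gettime`, assuming the list generator ignores comment lines without the `#syscalls` tag. That lets a later reader tell a deliberate allowance from a leftover. The same applies to the `armv6l:sigreturn armv7l:sigreturn` entries in the next file section. The comment block starts above this hunk and main()'s body continues below it.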


@ -12,7 +12,8 @@
* Author: Stefano Brivio <sbrivio@redhat.com> * Author: Stefano Brivio <sbrivio@redhat.com>
* *
* #syscalls:pasta clone waitid exit exit_group rt_sigprocmask * #syscalls:pasta clone waitid exit exit_group rt_sigprocmask
* #syscalls:pasta rt_sigreturn|sigreturn ppc64:sigreturn s390x:sigreturn * #syscalls:pasta rt_sigreturn|sigreturn armv6l:sigreturn armv7l:sigreturn
* #syscalls:pasta ppc64:sigreturn s390x:sigreturn
*/ */
#include <sched.h> #include <sched.h>

3
util.c

@ -441,7 +441,8 @@ char *line_read(char *buf, size_t len, int fd)
* @map: Bitmap where numbers of ports in listening state will be set * @map: Bitmap where numbers of ports in listening state will be set
* @exclude: Bitmap of ports to exclude from setting (and clear) * @exclude: Bitmap of ports to exclude from setting (and clear)
* *
* #syscalls:pasta lseek ppc64le:_llseek ppc64:_llseek * #syscalls:pasta lseek
* #syscalls:pasta ppc64le:_llseek ppc64:_llseek armv6l:_llseek armv7l:_llseek
*/ */
void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns,
uint8_t *map, uint8_t *exclude) uint8_t *map, uint8_t *exclude)
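Review bot: The `armv6l:_llseek armv7l:_llseek` addition on the `#syscalls:pasta` line above procfs_scan_listen() is not covered by the commit description, which names only clock_gettime64(), recv(), send() and sigreturn(). Every entry here widens the seccomp allow-list for those targets, so the reason should be recorded. Either extend the description or add a comment next to the entry such as `* armv6l, armv7l: lseek() reaches the kernel as _llseek (confirm with strace)`. That glibc routes lseek() this way on 32-bit ARM is my inference, not something the page states. The body of procfs_scan_listen() lies outside the hunk.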