author | fanquake <fanquake@gmail.com> | 2021-10-12 08:46:50 +0800 |
---|---|---|
committer | fanquake <fanquake@gmail.com> | 2021-10-12 08:47:17 +0800 |
commit | e418a8e675e4dbca9f9c3cf7dd4633aa3c6c196e (patch) | |
tree | 20807ef54f7d84d43ab5e4793e31f4caa61d5e69 | |
parent | 1790a8ddacae0d52135f5020894ef1ceef625cf9 (diff) | |
parent | fab40732a95711abadc22c3689f248753341a481 (diff) |
Merge bitcoin/bitcoin#23255: util: Add mincore and clone3 to syscall sandbox
fab40732a95711abadc22c3689f248753341a481 util: Add mincore and clone3 to syscall sandbox (MarcoFalke)
Pull request description:
Closes #23248
ACKs for top commit:
practicalswift:
cr ACK fab40732a95711abadc22c3689f248753341a481
laanwj:
ACK fab40732a95711abadc22c3689f248753341a481
fanquake:
ACK fab40732a95711abadc22c3689f248753341a481
Tree-SHA512: a8eb6b1844e40880163d2c52022dc4f84a53fae4d82fc651e456f527eca455dec32bbf960dac4366915c8a73d57b546b0b18f11b4da031962f7f775f2ca8c112
-rw-r--r-- | src/util/syscall_sandbox.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp
index 7e76ecbf3a..b361b09568 100644
--- a/src/util/syscall_sandbox.cpp
+++ b/src/util/syscall_sandbox.cpp
@@ -46,6 +46,12 @@ bool g_syscall_sandbox_log_violation_before_terminating{false};
 // Define system call numbers for x86_64 that are referenced in the system call profile
 // but not provided by the kernel headers used in the GUIX build.
+// Usually, they can be found via "grep name /usr/include/x86_64-linux-gnu/asm/unistd_64.h"
+
+#ifndef __NR_clone3
+#define __NR_clone3 435
+#endif
+
 #ifndef __NR_statx
 #define __NR_statx 332
 #endif
@@ -115,6 +121,7 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
 {__NR_clock_nanosleep, "clock_nanosleep"},
 {__NR_clock_settime, "clock_settime"},
 {__NR_clone, "clone"},
+ {__NR_clone3, "clone3"},
 {__NR_close, "close"},
 {__NR_connect, "connect"},
 {__NR_copy_file_range, "copy_file_range"},
@@ -540,6 +547,7 @@ public:
 allowed_syscalls.insert(__NR_brk); // change data segment size
 allowed_syscalls.insert(__NR_madvise); // give advice about use of memory
 allowed_syscalls.insert(__NR_membarrier); // issue memory barriers on a set of threads
+ allowed_syscalls.insert(__NR_mincore); // check if virtual memory is in RAM
 allowed_syscalls.insert(__NR_mlock); // lock memory
 allowed_syscalls.insert(__NR_mmap); // map files or devices into memory
 allowed_syscalls.insert(__NR_mprotect); // set protection on a region of memory
@@ -705,6 +713,7 @@ public:
 void AllowProcessStartOrDeath()
 {
 allowed_syscalls.insert(__NR_clone); // create a child process
+ allowed_syscalls.insert(__NR_clone3); // create a child process
 allowed_syscalls.insert(__NR_exit); // terminate the calling process
 allowed_syscalls.insert(__NR_exit_group); // exit all threads in a process
 allowed_syscalls.insert(__NR_fork); // create a child process |
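Review bot: The new `__NR_mincore` entry in the third hunk (the memory-related allow list) says what the call does but not which code path needs it, and the pull request description only says "Closes #23248". mincore reports whether pages are resident in memory, so it exposes more than the allocation and protection calls around it; how much it reveals depends on the kernel the node runs on. I would record the reason on the line itself, for example `allowed_syscalls.insert(__NR_mincore); // check if virtual memory is in RAM (needed by <caller>, see #23248)`, so a later audit of the profile can tell whether the allowance is still required. The enclosing method starts and ends outside the hunk.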
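Review bot: In `AllowProcessStartOrDeath()` the added `__NR_clone3` line allows a call whose flags a seccomp filter cannot inspect, because clone3 takes them in a struct passed by pointer rather than in registers. As far as this hunk shows, `__NR_clone` is also allowed by number alone, so nothing is lost today, but any later attempt to restrict clone flags could be sidestepped through clone3 unless it is handled at the same time. A comment should say so, for example `allowed_syscalls.insert(__NR_clone3); // create a child process or thread; flags are in a struct behind a pointer and cannot be filtered by seccomp`. The function body continues past the end of the hunk.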