aboutsummaryrefslogtreecommitdiff
path: root/src/util
diff options
context:
space:
mode:
authorfanquake <fanquake@gmail.com>2021-10-05 09:13:55 +0800
committerfanquake <fanquake@gmail.com>2021-10-05 09:13:55 +0800
commit44d77d2213e6bd2e2f700dd8c3c3f932bc1bcb48 (patch)
tree38b565b50d400818f8890bdba441d1e6c7b8c16a /src/util
parentee08741c9c6c6931c521f57d179532277dced546 (diff)
sandbox: add copy_file_range to allowed filesystem syscalls
Diffstat (limited to 'src/util')
-rw-r--r--src/util/syscall_sandbox.cpp53
1 files changed, 27 insertions, 26 deletions
diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp
index 83d69dd72d..2b479a072e 100644
--- a/src/util/syscall_sandbox.cpp
+++ b/src/util/syscall_sandbox.cpp
@@ -536,32 +536,33 @@ public:
void AllowFileSystem()
{
- allowed_syscalls.insert(__NR_access); // check user's permissions for a file
- allowed_syscalls.insert(__NR_chdir); // change working directory
- allowed_syscalls.insert(__NR_chmod); // change permissions of a file
- allowed_syscalls.insert(__NR_fallocate); // manipulate file space
- allowed_syscalls.insert(__NR_fchmod); // change permissions of a file
- allowed_syscalls.insert(__NR_fchown); // change ownership of a file
- allowed_syscalls.insert(__NR_fdatasync); // synchronize a file's in-core state with storage device
- allowed_syscalls.insert(__NR_flock); // apply or remove an advisory lock on an open file
- allowed_syscalls.insert(__NR_fstat); // get file status
- allowed_syscalls.insert(__NR_newfstatat); // get file status
- allowed_syscalls.insert(__NR_fsync); // synchronize a file's in-core state with storage device
- allowed_syscalls.insert(__NR_ftruncate); // truncate a file to a specified length
- allowed_syscalls.insert(__NR_getcwd); // get current working directory
- allowed_syscalls.insert(__NR_getdents); // get directory entries
- allowed_syscalls.insert(__NR_getdents64); // get directory entries
- allowed_syscalls.insert(__NR_lstat); // get file status
- allowed_syscalls.insert(__NR_mkdir); // create a directory
- allowed_syscalls.insert(__NR_open); // open and possibly create a file
- allowed_syscalls.insert(__NR_openat); // open and possibly create a file
- allowed_syscalls.insert(__NR_readlink); // read value of a symbolic link
- allowed_syscalls.insert(__NR_rename); // change the name or location of a file
- allowed_syscalls.insert(__NR_rmdir); // delete a directory
- allowed_syscalls.insert(__NR_stat); // get file status
- allowed_syscalls.insert(__NR_statfs); // get filesystem statistics
- allowed_syscalls.insert(__NR_statx); // get file status (extended)
- allowed_syscalls.insert(__NR_unlink); // delete a name and possibly the file it refers to
+ allowed_syscalls.insert(__NR_access); // check user's permissions for a file
+ allowed_syscalls.insert(__NR_chdir); // change working directory
+ allowed_syscalls.insert(__NR_chmod); // change permissions of a file
+ allowed_syscalls.insert(__NR_copy_file_range); // copy a range of data from one file to another
+ allowed_syscalls.insert(__NR_fallocate); // manipulate file space
+ allowed_syscalls.insert(__NR_fchmod); // change permissions of a file
+ allowed_syscalls.insert(__NR_fchown); // change ownership of a file
+ allowed_syscalls.insert(__NR_fdatasync); // synchronize a file's in-core state with storage device
+ allowed_syscalls.insert(__NR_flock); // apply or remove an advisory lock on an open file
+ allowed_syscalls.insert(__NR_fstat); // get file status
+ allowed_syscalls.insert(__NR_newfstatat); // get file status
+ allowed_syscalls.insert(__NR_fsync); // synchronize a file's in-core state with storage device
+ allowed_syscalls.insert(__NR_ftruncate); // truncate a file to a specified length
+ allowed_syscalls.insert(__NR_getcwd); // get current working directory
+ allowed_syscalls.insert(__NR_getdents); // get directory entries
+ allowed_syscalls.insert(__NR_getdents64); // get directory entries
+ allowed_syscalls.insert(__NR_lstat); // get file status
+ allowed_syscalls.insert(__NR_mkdir); // create a directory
+ allowed_syscalls.insert(__NR_open); // open and possibly create a file
+ allowed_syscalls.insert(__NR_openat); // open and possibly create a file
+ allowed_syscalls.insert(__NR_readlink); // read value of a symbolic link
+ allowed_syscalls.insert(__NR_rename); // change the name or location of a file
+ allowed_syscalls.insert(__NR_rmdir); // delete a directory
+ allowed_syscalls.insert(__NR_stat); // get file status
+ allowed_syscalls.insert(__NR_statfs); // get filesystem statistics
+ allowed_syscalls.insert(__NR_statx); // get file status (extended)
+ allowed_syscalls.insert(__NR_unlink); // delete a name and possibly the file it refers to
}
void AllowFutex()