authorMarcoFalke <falke.marco@gmail.com>2021-10-18 11:51:08 +0200
committerMarcoFalke <falke.marco@gmail.com>2021-10-19 12:28:13 +0200
commitfaf13e272cad44917c4e5516172617fe8d68c00a (patch)
treec9525ad03b8c5543ac1b0d7868161c19f9ad1ba7 /src/util
parent077e98c6c20609bff7ecf1c7c9cdb3f4b31bc139 (diff)
Add missing gettimeofday to syscall sandbox
Also, sort entries. Can be reviewed with: --color-moved=dimmed-zebra
Diffstat (limited to 'src/util')
-rw-r--r--src/util/syscall_sandbox.cpp37
1 files changed, 19 insertions, 18 deletions
diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp
index b361b09568..bc69df44f4 100644
--- a/src/util/syscall_sandbox.cpp
+++ b/src/util/syscall_sandbox.cpp
@@ -169,6 +169,10 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_ftruncate, "ftruncate"},
{__NR_futex, "futex"},
{__NR_futimesat, "futimesat"},
+ {__NR_get_kernel_syms, "get_kernel_syms"},
+ {__NR_get_mempolicy, "get_mempolicy"},
+ {__NR_get_robust_list, "get_robust_list"},
+ {__NR_get_thread_area, "get_thread_area"},
{__NR_getcpu, "getcpu"},
{__NR_getcwd, "getcwd"},
{__NR_getdents, "getdents"},
@@ -178,8 +182,6 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_getgid, "getgid"},
{__NR_getgroups, "getgroups"},
{__NR_getitimer, "getitimer"},
- {__NR_get_kernel_syms, "get_kernel_syms"},
- {__NR_get_mempolicy, "get_mempolicy"},
{__NR_getpeername, "getpeername"},
{__NR_getpgid, "getpgid"},
{__NR_getpgrp, "getpgrp"},
@@ -191,12 +193,10 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_getresgid, "getresgid"},
{__NR_getresuid, "getresuid"},
{__NR_getrlimit, "getrlimit"},
- {__NR_get_robust_list, "get_robust_list"},
{__NR_getrusage, "getrusage"},
{__NR_getsid, "getsid"},
{__NR_getsockname, "getsockname"},
{__NR_getsockopt, "getsockopt"},
- {__NR_get_thread_area, "get_thread_area"},
{__NR_gettid, "gettid"},
{__NR_gettimeofday, "gettimeofday"},
{__NR_getuid, "getuid"},
@@ -207,15 +207,15 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_inotify_init1, "inotify_init1"},
{__NR_inotify_rm_watch, "inotify_rm_watch"},
{__NR_io_cancel, "io_cancel"},
- {__NR_ioctl, "ioctl"},
{__NR_io_destroy, "io_destroy"},
{__NR_io_getevents, "io_getevents"},
+ {__NR_io_setup, "io_setup"},
+ {__NR_io_submit, "io_submit"},
+ {__NR_ioctl, "ioctl"},
{__NR_ioperm, "ioperm"},
{__NR_iopl, "iopl"},
{__NR_ioprio_get, "ioprio_get"},
{__NR_ioprio_set, "ioprio_set"},
- {__NR_io_setup, "io_setup"},
- {__NR_io_submit, "io_submit"},
{__NR_kcmp, "kcmp"},
{__NR_kexec_file_load, "kexec_file_load"},
{__NR_kexec_load, "kexec_load"},
@@ -271,8 +271,8 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_newfstatat, "newfstatat"},
{__NR_nfsservctl, "nfsservctl"},
{__NR_open, "open"},
- {__NR_openat, "openat"},
{__NR_open_by_handle_at, "open_by_handle_at"},
+ {__NR_openat, "openat"},
{__NR_pause, "pause"},
{__NR_perf_event_open, "perf_event_open"},
{__NR_personality, "personality"},
@@ -307,6 +307,7 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
#ifdef __NR_pwritev2
{__NR_pwritev2, "pwritev2"},
#endif
+ {__NR__sysctl, "_sysctl"},
{__NR_query_module, "query_module"},
{__NR_quotactl, "quotactl"},
{__NR_read, "read"},
@@ -334,11 +335,11 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_rt_sigsuspend, "rt_sigsuspend"},
{__NR_rt_sigtimedwait, "rt_sigtimedwait"},
{__NR_rt_tgsigqueueinfo, "rt_tgsigqueueinfo"},
+ {__NR_sched_get_priority_max, "sched_get_priority_max"},
+ {__NR_sched_get_priority_min, "sched_get_priority_min"},
{__NR_sched_getaffinity, "sched_getaffinity"},
{__NR_sched_getattr, "sched_getattr"},
{__NR_sched_getparam, "sched_getparam"},
- {__NR_sched_get_priority_max, "sched_get_priority_max"},
- {__NR_sched_get_priority_min, "sched_get_priority_min"},
{__NR_sched_getscheduler, "sched_getscheduler"},
{__NR_sched_rr_get_interval, "sched_rr_get_interval"},
{__NR_sched_setaffinity, "sched_setaffinity"},
@@ -357,6 +358,10 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_sendmmsg, "sendmmsg"},
{__NR_sendmsg, "sendmsg"},
{__NR_sendto, "sendto"},
+ {__NR_set_mempolicy, "set_mempolicy"},
+ {__NR_set_robust_list, "set_robust_list"},
+ {__NR_set_thread_area, "set_thread_area"},
+ {__NR_set_tid_address, "set_tid_address"},
{__NR_setdomainname, "setdomainname"},
{__NR_setfsgid, "setfsgid"},
{__NR_setfsuid, "setfsuid"},
@@ -364,7 +369,6 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_setgroups, "setgroups"},
{__NR_sethostname, "sethostname"},
{__NR_setitimer, "setitimer"},
- {__NR_set_mempolicy, "set_mempolicy"},
{__NR_setns, "setns"},
{__NR_setpgid, "setpgid"},
{__NR_setpriority, "setpriority"},
@@ -373,11 +377,8 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_setresuid, "setresuid"},
{__NR_setreuid, "setreuid"},
{__NR_setrlimit, "setrlimit"},
- {__NR_set_robust_list, "set_robust_list"},
{__NR_setsid, "setsid"},
{__NR_setsockopt, "setsockopt"},
- {__NR_set_thread_area, "set_thread_area"},
- {__NR_set_tid_address, "set_tid_address"},
{__NR_settimeofday, "settimeofday"},
{__NR_setuid, "setuid"},
{__NR_setxattr, "setxattr"},
@@ -402,7 +403,6 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_sync, "sync"},
{__NR_sync_file_range, "sync_file_range"},
{__NR_syncfs, "syncfs"},
- {__NR__sysctl, "_sysctl"},
{__NR_sysfs, "sysfs"},
{__NR_sysinfo, "sysinfo"},
{__NR_syslog, "syslog"},
@@ -411,12 +411,12 @@ const std::map<uint32_t, std::string> LINUX_SYSCALLS{
{__NR_time, "time"},
{__NR_timer_create, "timer_create"},
{__NR_timer_delete, "timer_delete"},
- {__NR_timerfd_create, "timerfd_create"},
- {__NR_timerfd_gettime, "timerfd_gettime"},
- {__NR_timerfd_settime, "timerfd_settime"},
{__NR_timer_getoverrun, "timer_getoverrun"},
{__NR_timer_gettime, "timer_gettime"},
{__NR_timer_settime, "timer_settime"},
+ {__NR_timerfd_create, "timerfd_create"},
+ {__NR_timerfd_gettime, "timerfd_gettime"},
+ {__NR_timerfd_settime, "timerfd_settime"},
{__NR_times, "times"},
{__NR_tkill, "tkill"},
{__NR_truncate, "truncate"},
@@ -650,6 +650,7 @@ public:
{
allowed_syscalls.insert(__NR_clock_getres); // find the resolution (precision) of the specified clock
allowed_syscalls.insert(__NR_clock_gettime); // retrieve the time of the specified clock
+ allowed_syscalls.insert(__NR_gettimeofday); // get timeval
}
void AllowGlobalProcessEnvironment()
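Review bot: The comment on the new allowlist entry, `// get timeval`, names the return type but not why a sandboxed process needs the call, which is what a later audit of the allowlist will want to know. Something like `// get the current time of day (legacy interface, still reached by some libc/runtime paths)` would match the descriptive style of the two `clock_*` lines above it; the wording of the reason should be confirmed against whatever triggered the violation. Separately, `__NR_time` is present in the `LINUX_SYSCALLS` name table earlier in this diff but is not among the time syscalls allowed in this block, so it is worth checking whether a `time(2)` call could trip the sandbox in the same way or whether it is permitted elsewhere. The enclosing function's signature lies above the hunk, so this is based only on the three inserts visible here.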