From faf13e272cad44917c4e5516172617fe8d68c00a Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Mon, 18 Oct 2021 11:51:08 +0200 Subject: Add missing gettimeofday to syscall sandbox Also, sort entries. Can be reviewed with: --color-moved=dimmed-zebra --- src/util/syscall_sandbox.cpp | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) (limited to 'src') diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp index b361b09568..bc69df44f4 100644 --- a/src/util/syscall_sandbox.cpp +++ b/src/util/syscall_sandbox.cpp @@ -169,6 +169,10 @@ const std::map LINUX_SYSCALLS{ {__NR_ftruncate, "ftruncate"}, {__NR_futex, "futex"}, {__NR_futimesat, "futimesat"}, + {__NR_get_kernel_syms, "get_kernel_syms"}, + {__NR_get_mempolicy, "get_mempolicy"}, + {__NR_get_robust_list, "get_robust_list"}, + {__NR_get_thread_area, "get_thread_area"}, {__NR_getcpu, "getcpu"}, {__NR_getcwd, "getcwd"}, {__NR_getdents, "getdents"}, @@ -178,8 +182,6 @@ const std::map LINUX_SYSCALLS{ {__NR_getgid, "getgid"}, {__NR_getgroups, "getgroups"}, {__NR_getitimer, "getitimer"}, - {__NR_get_kernel_syms, "get_kernel_syms"}, - {__NR_get_mempolicy, "get_mempolicy"}, {__NR_getpeername, "getpeername"}, {__NR_getpgid, "getpgid"}, {__NR_getpgrp, "getpgrp"}, @@ -191,12 +193,10 @@ const std::map LINUX_SYSCALLS{ {__NR_getresgid, "getresgid"}, {__NR_getresuid, "getresuid"}, {__NR_getrlimit, "getrlimit"}, - {__NR_get_robust_list, "get_robust_list"}, {__NR_getrusage, "getrusage"}, {__NR_getsid, "getsid"}, {__NR_getsockname, "getsockname"}, {__NR_getsockopt, "getsockopt"}, - {__NR_get_thread_area, "get_thread_area"}, {__NR_gettid, "gettid"}, {__NR_gettimeofday, "gettimeofday"}, {__NR_getuid, "getuid"}, @@ -207,15 +207,15 @@ const std::map LINUX_SYSCALLS{ {__NR_inotify_init1, "inotify_init1"}, {__NR_inotify_rm_watch, "inotify_rm_watch"}, {__NR_io_cancel, "io_cancel"}, - {__NR_ioctl, "ioctl"}, {__NR_io_destroy, "io_destroy"}, {__NR_io_getevents, "io_getevents"}, + {__NR_io_setup, "io_setup"}, + {__NR_io_submit, "io_submit"}, + {__NR_ioctl, "ioctl"}, {__NR_ioperm, "ioperm"}, {__NR_iopl, "iopl"}, {__NR_ioprio_get, "ioprio_get"}, {__NR_ioprio_set, "ioprio_set"}, - {__NR_io_setup, "io_setup"}, - {__NR_io_submit, "io_submit"}, {__NR_kcmp, "kcmp"}, {__NR_kexec_file_load, "kexec_file_load"}, {__NR_kexec_load, "kexec_load"}, @@ -271,8 +271,8 @@ const std::map LINUX_SYSCALLS{ {__NR_newfstatat, "newfstatat"}, {__NR_nfsservctl, "nfsservctl"}, {__NR_open, "open"}, - {__NR_openat, "openat"}, {__NR_open_by_handle_at, "open_by_handle_at"}, + {__NR_openat, "openat"}, {__NR_pause, "pause"}, {__NR_perf_event_open, "perf_event_open"}, {__NR_personality, "personality"}, @@ -307,6 +307,7 @@ const std::map LINUX_SYSCALLS{ #ifdef __NR_pwritev2 {__NR_pwritev2, "pwritev2"}, #endif + {__NR__sysctl, "_sysctl"}, {__NR_query_module, "query_module"}, {__NR_quotactl, "quotactl"}, {__NR_read, "read"}, @@ -334,11 +335,11 @@ const std::map LINUX_SYSCALLS{ {__NR_rt_sigsuspend, "rt_sigsuspend"}, {__NR_rt_sigtimedwait, "rt_sigtimedwait"}, {__NR_rt_tgsigqueueinfo, "rt_tgsigqueueinfo"}, + {__NR_sched_get_priority_max, "sched_get_priority_max"}, + {__NR_sched_get_priority_min, "sched_get_priority_min"}, {__NR_sched_getaffinity, "sched_getaffinity"}, {__NR_sched_getattr, "sched_getattr"}, {__NR_sched_getparam, "sched_getparam"}, - {__NR_sched_get_priority_max, "sched_get_priority_max"}, - {__NR_sched_get_priority_min, "sched_get_priority_min"}, {__NR_sched_getscheduler, "sched_getscheduler"}, {__NR_sched_rr_get_interval, "sched_rr_get_interval"}, {__NR_sched_setaffinity, "sched_setaffinity"}, @@ -357,6 +358,10 @@ const std::map LINUX_SYSCALLS{ {__NR_sendmmsg, "sendmmsg"}, {__NR_sendmsg, "sendmsg"}, {__NR_sendto, "sendto"}, + {__NR_set_mempolicy, "set_mempolicy"}, + {__NR_set_robust_list, "set_robust_list"}, + {__NR_set_thread_area, "set_thread_area"}, + {__NR_set_tid_address, "set_tid_address"}, {__NR_setdomainname, "setdomainname"}, {__NR_setfsgid, "setfsgid"}, {__NR_setfsuid, "setfsuid"}, @@ -364,7 +369,6 @@ const std::map LINUX_SYSCALLS{ {__NR_setgroups, "setgroups"}, {__NR_sethostname, "sethostname"}, {__NR_setitimer, "setitimer"}, - {__NR_set_mempolicy, "set_mempolicy"}, {__NR_setns, "setns"}, {__NR_setpgid, "setpgid"}, {__NR_setpriority, "setpriority"}, @@ -373,11 +377,8 @@ const std::map LINUX_SYSCALLS{ {__NR_setresuid, "setresuid"}, {__NR_setreuid, "setreuid"}, {__NR_setrlimit, "setrlimit"}, - {__NR_set_robust_list, "set_robust_list"}, {__NR_setsid, "setsid"}, {__NR_setsockopt, "setsockopt"}, - {__NR_set_thread_area, "set_thread_area"}, - {__NR_set_tid_address, "set_tid_address"}, {__NR_settimeofday, "settimeofday"}, {__NR_setuid, "setuid"}, {__NR_setxattr, "setxattr"}, @@ -402,7 +403,6 @@ const std::map LINUX_SYSCALLS{ {__NR_sync, "sync"}, {__NR_sync_file_range, "sync_file_range"}, {__NR_syncfs, "syncfs"}, - {__NR__sysctl, "_sysctl"}, {__NR_sysfs, "sysfs"}, {__NR_sysinfo, "sysinfo"}, {__NR_syslog, "syslog"}, @@ -411,12 +411,12 @@ const std::map LINUX_SYSCALLS{ {__NR_time, "time"}, {__NR_timer_create, "timer_create"}, {__NR_timer_delete, "timer_delete"}, - {__NR_timerfd_create, "timerfd_create"}, - {__NR_timerfd_gettime, "timerfd_gettime"}, - {__NR_timerfd_settime, "timerfd_settime"}, {__NR_timer_getoverrun, "timer_getoverrun"}, {__NR_timer_gettime, "timer_gettime"}, {__NR_timer_settime, "timer_settime"}, + {__NR_timerfd_create, "timerfd_create"}, + {__NR_timerfd_gettime, "timerfd_gettime"}, + {__NR_timerfd_settime, "timerfd_settime"}, {__NR_times, "times"}, {__NR_tkill, "tkill"}, {__NR_truncate, "truncate"}, @@ -650,6 +650,7 @@ public: { allowed_syscalls.insert(__NR_clock_getres); // find the resolution (precision) of the specified clock allowed_syscalls.insert(__NR_clock_gettime); // retrieve the time of the specified clock + allowed_syscalls.insert(__NR_gettimeofday); // get timeval } void AllowGlobalProcessEnvironment() -- cgit v1.2.3