Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist
From: Florian Weimer
Subject: Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist
Date: Fri, 24 Jan 2020 10:46:27 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

* David Alan Gilbert:
> +static const int syscall_whitelist[] = {
> + /* TODO ireg sem*() syscalls */
> + SCMP_SYS(brk),
> + SCMP_SYS(capget), /* For CAP_FSETID */
> + SCMP_SYS(capset),
> + SCMP_SYS(clock_gettime),
> + SCMP_SYS(gettimeofday),
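Review bot: the TODO on the first line of syscall_whitelist[] ("ireg sem*() syscalls") does not say what is still outstanding. "ireg" looks like a typo, and the comment should name the sem*() calls in question and state whether they must be allowed, or the item should be resolved before the list is merged. SCMP_SYS(capset) also lacks the kind of rationale comment that SCMP_SYS(capget) carries ("For CAP_FSETID"); an allowlist is easier to audit when every capability-related entry says why it is there.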
Is this supposed to work on 32-bit architectures? Then you need to
add the time64 system call variants as well.
Thanks,
Florian
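
Added example, not part of the original message or of the virtiofsd patch: a small C check that reports which time64 syscall names an allowlist lacks, run over the five names visible in the quoted hunk. The pairing table is a partial list of the 32-bit time64 syscalls introduced in Linux 5.1, and the names `time64_pairs`, `missing_time64` and `quoted_hunk` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Partial table (added example): legacy syscalls that carry a 32-bit time_t
 * on 32-bit Linux, with the time64 variant introduced in Linux 5.1. */
static const struct { const char *legacy, *time64; } time64_pairs[] = {
    { "clock_gettime", "clock_gettime64" }, { "clock_nanosleep", "clock_nanosleep_time64" },
    { "futex", "futex_time64" },            { "ppoll", "ppoll_time64" },
    { "pselect6", "pselect6_time64" },      { "recvmmsg", "recvmmsg_time64" },
    { "utimensat", "utimensat_time64" },    { "semtimedop", "semtimedop_time64" },
};

static int listed(const char *const *list, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], name) == 0)
            return 1;
    return 0;
}

/* Hypothetical helper: writes up to cap missing time64 names to out and
 * returns the total number missing from the allowlist. */
size_t missing_time64(const char *const *list, size_t n,
                      const char **out, size_t cap)
{
    size_t missing = 0;
    for (size_t i = 0; i < sizeof time64_pairs / sizeof time64_pairs[0]; i++) {
        /* Only flag a time64 name when its legacy twin is allowed. */
        if (!listed(list, n, time64_pairs[i].legacy) ||
            listed(list, n, time64_pairs[i].time64))
            continue;
        if (missing < cap)
            out[missing] = time64_pairs[i].time64;
        missing++;
    }
    return missing;
}

/* Constructed input: the five syscall names visible in the quoted hunk. */
static const char *const quoted_hunk[] = {
    "brk", "capget", "capset", "clock_gettime", "gettimeofday" };

int main(void)
{
    const char *out[8];
    size_t n = missing_time64(quoted_hunk, 5, out, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("allowlist has no %s\n", out[i]);
    return 0;
}
```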