From 6d661dc5b291358f844afb6910ebef93d6c92a95 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Sat, 26 Feb 2022 23:39:19 +0100 Subject: seccomp: Adjust list of allowed syscalls for armv6l, armv7l It looks like glibc commonly implements clock_gettime(2) with clock_gettime64(), and uses recv() instead of recvfrom(), send() instead of sendto(), and sigreturn() instead of rt_sigreturn() on armv6l and armv7l. Adjust the list of system calls for armv6l and armv7l accordingly. Signed-off-by: Stefano Brivio --- passt.c | 8 +++++--- pasta.c | 3 ++- util.c | 3 ++- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/passt.c b/passt.c index 22934a2..e7dd108 100644 --- a/passt.c +++ b/passt.c @@ -297,9 +297,11 @@ void exit_handler(int signal) * * #syscalls read write writev * #syscalls socket bind connect getsockopt setsockopt s390x:socketcall close - * #syscalls recvfrom sendto shutdown ppc64le:recv ppc64le:send - * #syscalls accept4|accept listen - * #syscalls epoll_ctl epoll_wait|epoll_pwait epoll_pwait clock_gettime + * #syscalls recvfrom sendto shutdown + * #syscalls armv6l:recv armv7l:recv ppc64le:recv + * #syscalls armv6l:send armv7l:send ppc64le:send + * #syscalls accept4|accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait + * #syscalls clock_gettime armv6l:clock_gettime64 armv7l:clock_gettime64 */ int main(int argc, char **argv) { diff --git a/pasta.c b/pasta.c index e45cc92..96866c6 100644 --- a/pasta.c +++ b/pasta.c @@ -12,7 +12,8 @@ * Author: Stefano Brivio * * #syscalls:pasta clone waitid exit exit_group rt_sigprocmask - * #syscalls:pasta rt_sigreturn|sigreturn ppc64:sigreturn s390x:sigreturn + * #syscalls:pasta rt_sigreturn|sigreturn armv6l:sigreturn armv7l:sigreturn + * #syscalls:pasta ppc64:sigreturn s390x:sigreturn */ #include diff --git a/util.c b/util.c index e9fca3b..90b5ab8 100644 --- a/util.c +++ b/util.c @@ -441,7 +441,8 @@ char *line_read(char *buf, size_t len, int fd) * @map: Bitmap where numbers of ports in listening state will be set * @exclude: Bitmap of ports to exclude from setting (and clear) * - * #syscalls:pasta lseek ppc64le:_llseek ppc64:_llseek + * #syscalls:pasta lseek + * #syscalls:pasta ppc64le:_llseek ppc64:_llseek armv6l:_llseek armv7l:_llseek */ void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, uint8_t *map, uint8_t *exclude) -- cgit v1.2.3