diff options
| author | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-07-31 00:27:14 +0300 |
|---|---|---|
| committer | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-07-31 00:27:14 +0300 |
| commit | f0840ed4c9f17f199d73b8b9788b08af0265026d (patch) | |
| tree | b7c559305c8f19fc493ef08f2f142eb252ed1990 /src/common | |
| parent | 5fc0e13db821b76c2bdee06c8622a95383d1b915 (diff) | |
| download | tor-f0840ed4c9f17f199d73b8b9788b08af0265026d.tar tor-f0840ed4c9f17f199d73b8b9788b08af0265026d.tar.gz | |
epoll_ctl
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/sandbox.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index acf303814..6de95da4d 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -33,6 +33,7 @@ #include <sys/mman.h> #include <sys/syscall.h> #include <sys/types.h> +#include <sys/epoll.h> #include <bits/signum.h> #include <seccomp.h> @@ -52,7 +53,6 @@ static int filter_nopar_gen[] = { SCMP_SYS(close), SCMP_SYS(clone), SCMP_SYS(epoll_create), - SCMP_SYS(epoll_ctl), SCMP_SYS(epoll_wait), SCMP_SYS(fcntl), @@ -326,6 +326,24 @@ sb_fcntl64(scmp_filter_ctx ctx) } #endif +static int +sb_epoll_ctl(scmp_filter_ctx ctx) +{ + int rc = 0; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_ctl), 1, + SCMP_CMP(1, SCMP_CMP_EQ, EPOLL_CTL_ADD)); + if (rc) + return rc; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_ctl), 1, + SCMP_CMP(1, SCMP_CMP_EQ, EPOLL_CTL_MOD)); + if (rc) + return rc; + + return 0; +} + static sandbox_filter_func_t filter_func[] = { sb_rt_sigaction, sb_execve, @@ -335,7 +353,8 @@ static sandbox_filter_func_t filter_func[] = { sb_open, sb_openat, sb_clock_gettime, - sb_fcntl64 + sb_fcntl64, + sb_epoll_ctl }; const char* |