seccomp: more filtered syscalls

2 years ago · 2dc13abb5d
19 changed files with 40 additions and 2 deletions
--- a/binaries/aarch64/nfqws
+++ b/binaries/aarch64/nfqws
--- a/binaries/aarch64/tpws
+++ b/binaries/aarch64/tpws
--- a/binaries/arm/nfqws
+++ b/binaries/arm/nfqws
--- a/binaries/arm/tpws
+++ b/binaries/arm/tpws
--- a/binaries/mips32r1-lsb/nfqws
+++ b/binaries/mips32r1-lsb/nfqws
--- a/binaries/mips32r1-lsb/tpws
+++ b/binaries/mips32r1-lsb/tpws
--- a/binaries/mips32r1-msb/nfqws
+++ b/binaries/mips32r1-msb/nfqws
--- a/binaries/mips32r1-msb/tpws
+++ b/binaries/mips32r1-msb/tpws
--- a/binaries/mips64r2-msb/nfqws
+++ b/binaries/mips64r2-msb/nfqws
--- a/binaries/mips64r2-msb/tpws
+++ b/binaries/mips64r2-msb/tpws
--- a/binaries/ppc/nfqws
+++ b/binaries/ppc/nfqws
--- a/binaries/ppc/tpws
+++ b/binaries/ppc/tpws
--- a/binaries/x86/nfqws
+++ b/binaries/x86/nfqws
--- a/binaries/x86/tpws
+++ b/binaries/x86/tpws
--- a/binaries/x86_64/nfqws
+++ b/binaries/x86_64/nfqws
--- a/binaries/x86_64/tpws
+++ b/binaries/x86_64/tpws
--- a/binaries/x86_64/tpws_wsl.tgz
+++ b/binaries/x86_64/tpws_wsl.tgz
--- a/nfq/sec.c
+++ b/nfq/sec.c
@ -50,6 +50,9 @@ SYS_fork,
 #ifdef SYS_vfork
 SYS_vfork,
 #endif
+#ifdef SYS_uselib
+SYS_uselib,
+#endif
 #ifdef SYS_unlink
 SYS_unlink,
 #endif
@ -112,7 +115,23 @@ SYS_rename,
 #ifdef SYS_renameat2
 SYS_renameat2,
 #endif
-SYS_renameat
+SYS_renameat,
+#ifdef SYS_process_vm_readv
+SYS_process_vm_readv,
+#endif
+#ifdef SYS_process_vm_writev
+SYS_process_vm_writev,
+#endif
+#ifdef SYS_process_vm_madvise
+SYS_process_madvise,
+#endif
+#ifdef SYS_tkill
+SYS_tkill,
+#endif
+#ifdef SYS_tgkill
+SYS_tgkill,
+#endif
+SYS_kill, SYS_ptrace
 };
 #define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls))

--- a/tpws/sec.c
+++ b/tpws/sec.c
@ -50,6 +50,9 @@ SYS_fork,
 #ifdef SYS_vfork
 SYS_vfork,
 #endif
+#ifdef SYS_uselib
+SYS_uselib,
+#endif
 #ifdef SYS_unlink
 SYS_unlink,
 #endif
@ -112,7 +115,23 @@ SYS_rename,
 #ifdef SYS_renameat2
 SYS_renameat2,
 #endif
-SYS_renameat
+SYS_renameat,
+#ifdef SYS_process_vm_readv
+SYS_process_vm_readv,
+#endif
+#ifdef SYS_process_vm_writev
+SYS_process_vm_writev,
+#endif
+#ifdef SYS_process_vm_madvise
+SYS_process_madvise,
+#endif
+#ifdef SYS_tkill
+SYS_tkill,
+#endif
+#ifdef SYS_tgkill
+SYS_tgkill,
+#endif
+SYS_kill, SYS_ptrace
 };
 #define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls))