mirror of
https://git.pwmt.org/pwmt/zathura.git
synced 2024-12-27 13:26:00 +01:00
support syscalls used by recent glibc versions
This commit is contained in:
parent
d050449f81
commit
004a35dba1
1 changed files with 7 additions and 6 deletions
|
@ -169,7 +169,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
|
|||
ALLOW_RULE(fadvise64);
|
||||
ALLOW_RULE(fallocate);
|
||||
ALLOW_RULE(fcntl); /* TODO: build detailed filter */
|
||||
/* ALLOW_RULE(fstat); unused?, stat (below), lstat(below), fstatat, newfstatat(below) */
|
||||
ALLOW_RULE(fstat); /* used by older libc, stat (below), lstat(below), fstatat, newfstatat(below) */
|
||||
ALLOW_RULE(fstatfs); /* statfs (below) */
|
||||
ALLOW_RULE(ftruncate);
|
||||
ALLOW_RULE(futex);
|
||||
|
@ -227,15 +227,15 @@ seccomp_enable_strict_filter(zathura_t* zathura)
|
|||
/* ALLOW_RULE(shmdt); X11 only */
|
||||
/* ALLOW_RULE(shmget); X11 only */
|
||||
ALLOW_RULE(shutdown);
|
||||
/* ALLOW_RULE(stat); unused? */
|
||||
ALLOW_RULE(stat); /* used by older libc */
|
||||
ALLOW_RULE(statx);
|
||||
ALLOW_RULE(statfs); /* used by filemonotor, fstatfs above */
|
||||
ALLOW_RULE(statfs); /* used by filemonitor, fstatfs above */
|
||||
ALLOW_RULE(sysinfo);
|
||||
/* ALLOW_RULE(umask); X11 only */
|
||||
/* ALLOW_RULE(uname); X11 only */
|
||||
ALLOW_RULE(unlink); /* unused?, unlinkat */
|
||||
/* ALLOW_RULE(unlink); unused?, unlinkat */
|
||||
ALLOW_RULE(write); /* investigate further */
|
||||
/* ALLOW_RULE(writev); X11 only, pwritev, pwritev2 */
|
||||
/* ALLOW_RULE(writev); X11 only */
|
||||
/* ALLOW_RULE(wait4); unused? */
|
||||
|
||||
/* required for testing only */
|
||||
|
@ -265,7 +265,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
|
|||
ALLOW_RULE(shmctl);
|
||||
ALLOW_RULE(shmdt);
|
||||
ALLOW_RULE(shmget);
|
||||
ALLOW_RULE(writev);
|
||||
ALLOW_RULE(writev); /* pwritev, pwritev2 */
|
||||
}
|
||||
else {
|
||||
girara_debug("On Wayland, blocking X11 syscalls");
|
||||
|
@ -342,6 +342,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
|
|||
* it will be unable to make decisions based on the flags given to clone3().
|
||||
* Code meant to be sandboxed with seccomp should not use clone3() at all until it is possible to inspect its arguments.
|
||||
*
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue