mirror of
https://git.pwmt.org/pwmt/zathura.git
synced 2024-12-28 05:56:01 +01:00
support syscalls used by recent glibc versions
This commit is contained in:
parent
d050449f81
commit
004a35dba1
1 changed files with 7 additions and 6 deletions
|
@ -169,7 +169,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
|
||||||
ALLOW_RULE(fadvise64);
|
ALLOW_RULE(fadvise64);
|
||||||
ALLOW_RULE(fallocate);
|
ALLOW_RULE(fallocate);
|
||||||
ALLOW_RULE(fcntl); /* TODO: build detailed filter */
|
ALLOW_RULE(fcntl); /* TODO: build detailed filter */
|
||||||
/* ALLOW_RULE(fstat); unused?, stat (below), lstat(below), fstatat, newfstatat(below) */
|
ALLOW_RULE(fstat); /* used by older libc, stat (below), lstat(below), fstatat, newfstatat(below) */
|
||||||
ALLOW_RULE(fstatfs); /* statfs (below) */
|
ALLOW_RULE(fstatfs); /* statfs (below) */
|
||||||
ALLOW_RULE(ftruncate);
|
ALLOW_RULE(ftruncate);
|
||||||
ALLOW_RULE(futex);
|
ALLOW_RULE(futex);
|
||||||
|
@ -227,15 +227,15 @@ seccomp_enable_strict_filter(zathura_t* zathura)
|
||||||
/* ALLOW_RULE(shmdt); X11 only */
|
/* ALLOW_RULE(shmdt); X11 only */
|
||||||
/* ALLOW_RULE(shmget); X11 only */
|
/* ALLOW_RULE(shmget); X11 only */
|
||||||
ALLOW_RULE(shutdown);
|
ALLOW_RULE(shutdown);
|
||||||
/* ALLOW_RULE(stat); unused? */
|
ALLOW_RULE(stat); /* used by older libc */
|
||||||
ALLOW_RULE(statx);
|
ALLOW_RULE(statx);
|
||||||
ALLOW_RULE(statfs); /* used by filemonotor, fstatfs above */
|
ALLOW_RULE(statfs); /* used by filemonitor, fstatfs above */
|
||||||
ALLOW_RULE(sysinfo);
|
ALLOW_RULE(sysinfo);
|
||||||
/* ALLOW_RULE(umask); X11 only */
|
/* ALLOW_RULE(umask); X11 only */
|
||||||
/* ALLOW_RULE(uname); X11 only */
|
/* ALLOW_RULE(uname); X11 only */
|
||||||
ALLOW_RULE(unlink); /* unused?, unlinkat */
|
/* ALLOW_RULE(unlink); unused?, unlinkat */
|
||||||
ALLOW_RULE(write); /* investigate further */
|
ALLOW_RULE(write); /* investigate further */
|
||||||
/* ALLOW_RULE(writev); X11 only, pwritev, pwritev2 */
|
/* ALLOW_RULE(writev); X11 only */
|
||||||
/* ALLOW_RULE(wait4); unused? */
|
/* ALLOW_RULE(wait4); unused? */
|
||||||
|
|
||||||
/* required for testing only */
|
/* required for testing only */
|
||||||
|
@ -265,7 +265,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
|
||||||
ALLOW_RULE(shmctl);
|
ALLOW_RULE(shmctl);
|
||||||
ALLOW_RULE(shmdt);
|
ALLOW_RULE(shmdt);
|
||||||
ALLOW_RULE(shmget);
|
ALLOW_RULE(shmget);
|
||||||
ALLOW_RULE(writev);
|
ALLOW_RULE(writev); /* pwritev, pwritev2 */
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
girara_debug("On Wayland, blocking X11 syscalls");
|
girara_debug("On Wayland, blocking X11 syscalls");
|
||||||
|
@ -342,6 +342,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
|
||||||
* it will be unable to make decisions based on the flags given to clone3().
|
* it will be unable to make decisions based on the flags given to clone3().
|
||||||
* Code meant to be sandboxed with seccomp should not use clone3() at all until it is possible to inspect its arguments.
|
* Code meant to be sandboxed with seccomp should not use clone3() at all until it is possible to inspect its arguments.
|
||||||
*
|
*
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue