ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2024-12-20 06:07:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

base-linux: let seccomp permit 'read'

Browse Source 
This is needed for using the 'wait_for_continue' debug mechanism.

Fixes #3798
This commit is contained in:
Norman Feske 2020-07-03 11:56:19 +02:00
parent 0e6c32f75e
commit 0310c733d5
4 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
repos/base-linux/src/lib/seccomp/spec/arm/seccomp_bpf_policy.bin
View File

Binary file not shown.

BIN
repos/base-linux/src/lib/seccomp/spec/x86_32/seccomp_bpf_policy.bin
View File

Binary file not shown.

BIN
repos/base-linux/src/lib/seccomp/spec/x86_64/seccomp_bpf_policy.bin
View File

Binary file not shown.

3
tool/seccomp/seccomp_bpf_compiler.h
View File

@ -99,6 +99,9 @@ class Filter
_add_allow_rule(SCMP_SYS(fstat)); _add_allow_rule(SCMP_SYS(fstat));
_add_allow_rule(SCMP_SYS(fstat64)); _add_allow_rule(SCMP_SYS(fstat64));
/* This syscall is used by the 'wait_for_continue' debug mechanism. */
_add_allow_rule(SCMP_SYS(read));
/* This syscall is used to wait for a condition. This should be safe. */ /* This syscall is used to wait for a condition. This should be safe. */
_add_allow_rule(SCMP_SYS(futex)); _add_allow_rule(SCMP_SYS(futex));