Line
Link Here
|
0 |
-- a/ntpd/ntp_sandbox.c |
0 |
++ b/ntpd/ntp_sandbox.c |
Lines 306-313
Link Here
|
306 |
#endif |
306 |
#endif |
307 |
#endif /* ENABLE_EARLY_DROPROOT */ |
307 |
#endif /* ENABLE_EARLY_DROPROOT */ |
308 |
|
308 |
|
309 |
SCMP_SYS(accept), |
309 |
SCMP_SYS(accept), |
310 |
SCMP_SYS(access), |
310 |
SCMP_SYS(access), |
311 |
SCMP_SYS(adjtimex), |
311 |
SCMP_SYS(adjtimex), |
312 |
SCMP_SYS(bind), |
312 |
SCMP_SYS(bind), |
313 |
SCMP_SYS(brk), |
313 |
SCMP_SYS(brk), |
Lines 319-324
Link Here
|
319 |
SCMP_SYS(connect), |
319 |
SCMP_SYS(connect), |
320 |
SCMP_SYS(exit), |
320 |
SCMP_SYS(exit), |
321 |
SCMP_SYS(exit_group), |
321 |
SCMP_SYS(exit_group), |
|
|
322 |
#ifdef __NR_faccessat |
323 |
SCMP_SYS(faccessat), /* riscv and aarch64 */ |
324 |
#endif |
322 |
SCMP_SYS(fcntl), |
325 |
SCMP_SYS(fcntl), |
323 |
SCMP_SYS(fstat), |
326 |
SCMP_SYS(fstat), |
324 |
SCMP_SYS(fsync), |
327 |
SCMP_SYS(fsync), |
Lines 349-359
Link Here
|
349 |
SCMP_SYS(lseek), |
352 |
SCMP_SYS(lseek), |
350 |
SCMP_SYS(membarrier), /* Needed on Alpine 3.11.3 */ |
353 |
SCMP_SYS(membarrier), /* Needed on Alpine 3.11.3 */ |
351 |
SCMP_SYS(munmap), |
354 |
SCMP_SYS(munmap), |
|
|
355 |
SCMP_SYS(newfstatat), /* riscv and aarch64 */ |
352 |
SCMP_SYS(open), |
356 |
SCMP_SYS(open), |
353 |
#ifdef __NR_openat |
357 |
#ifdef __NR_openat |
354 |
SCMP_SYS(openat), /* SUSE */ |
358 |
SCMP_SYS(openat), /* SUSE */ |
355 |
#endif |
359 |
#endif |
356 |
SCMP_SYS(poll), |
360 |
SCMP_SYS(poll), |
|
|
361 |
SCMP_SYS(pread64), |
357 |
SCMP_SYS(pselect6), |
362 |
SCMP_SYS(pselect6), |
358 |
SCMP_SYS(read), |
363 |
SCMP_SYS(read), |
359 |
SCMP_SYS(recvfrom), /* Comment this out for testing. |
364 |
SCMP_SYS(recvfrom), /* Comment this out for testing. |
Lines 362-367
Link Here
|
362 |
*/ |
367 |
*/ |
363 |
SCMP_SYS(recvmsg), |
368 |
SCMP_SYS(recvmsg), |
364 |
SCMP_SYS(rename), |
369 |
SCMP_SYS(rename), |
|
|
370 |
#ifdef __NR_renameat2 |
371 |
SCMP_SYS(renameat2), /* riscv */ |
372 |
#endif |
365 |
SCMP_SYS(rt_sigaction), |
373 |
SCMP_SYS(rt_sigaction), |
366 |
SCMP_SYS(rt_sigprocmask), |
374 |
SCMP_SYS(rt_sigprocmask), |
367 |
SCMP_SYS(rt_sigreturn), |
375 |
SCMP_SYS(rt_sigreturn), |
Lines 401-406
Link Here
|
401 |
* rather than generate a trap. |
409 |
* rather than generate a trap. |
402 |
*/ |
410 |
*/ |
403 |
SCMP_SYS(clone), /* threads */ |
411 |
SCMP_SYS(clone), /* threads */ |
|
|
412 |
SCMP_SYS(clone3), |
404 |
SCMP_SYS(kill), /* generate signal */ |
413 |
SCMP_SYS(kill), /* generate signal */ |
405 |
SCMP_SYS(madvise), |
414 |
SCMP_SYS(madvise), |
406 |
SCMP_SYS(mprotect), |
415 |
SCMP_SYS(mprotect), |
Lines 415-423
Link Here
|
415 |
SCMP_SYS(nanosleep), |
424 |
SCMP_SYS(nanosleep), |
416 |
#endif |
425 |
#endif |
417 |
#ifdef CLOCK_SHM |
426 |
#ifdef CLOCK_SHM |
418 |
SCMP_SYS(shmget), |
427 |
SCMP_SYS(shmget), |
419 |
SCMP_SYS(shmat), |
428 |
SCMP_SYS(shmat), |
420 |
SCMP_SYS(shmdt), |
429 |
SCMP_SYS(shmdt), |
421 |
#endif |
430 |
#endif |
422 |
|
431 |
|
423 |
SCMP_SYS(fcntl64), |
432 |
SCMP_SYS(fcntl64), |
Lines 445-459
Link Here
|
445 |
SCMP_SYS(geteuid32), |
454 |
SCMP_SYS(geteuid32), |
446 |
#endif |
455 |
#endif |
447 |
|
456 |
|
|
|
457 |
#ifdef __NR_rseq |
458 |
SCMP_SYS(rseq), |
459 |
#endif |
460 |
|
448 |
#ifdef __NR_mmap |
461 |
#ifdef __NR_mmap |
449 |
/* gentoo 64-bit and 32-bit, Intel and Arm use mmap */ |
462 |
/* gentoo 64-bit and 32-bit, Intel and Arm use mmap */ |
450 |
SCMP_SYS(mmap), |
463 |
SCMP_SYS(mmap), |
451 |
#endif |
464 |
#endif |
452 |
#if defined(__aarch64__) |
465 |
#if defined(__aarch64__) |
453 |
SCMP_SYS(faccessat), |
|
|
454 |
SCMP_SYS(newfstatat), |
455 |
SCMP_SYS(renameat), |
456 |
SCMP_SYS(linkat), |
466 |
SCMP_SYS(linkat), |
|
|
467 |
SCMP_SYS(renameat), |
468 |
SCMP_SYS(syscall), |
457 |
SCMP_SYS(unlinkat), |
469 |
SCMP_SYS(unlinkat), |
458 |
#endif |
470 |
#endif |
459 |
#if defined(__i386__) || defined(__arm__) || defined(__powerpc__) |
471 |
#if defined(__i386__) || defined(__arm__) || defined(__powerpc__) |
Lines 463-468
Link Here
|
463 |
SCMP_SYS(send), |
475 |
SCMP_SYS(send), |
464 |
SCMP_SYS(stat64), |
476 |
SCMP_SYS(stat64), |
465 |
#endif |
477 |
#endif |
|
|
478 |
#if defined(__arm__) |
479 |
SCMP_SYS(statx), |
480 |
#endif |
466 |
}; |
481 |
}; |
467 |
{ |
482 |
{ |
468 |
for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) { |
483 |
for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) { |