sys_linux: allow clone3 and pread64 in seccomp filter

author Miroslav Lichvar <mlichvar@redhat.com>

Mon, 9 Aug 2021 09:48:21 +0000 (11:48 +0200)

committer Miroslav Lichvar <mlichvar@redhat.com>

Mon, 9 Aug 2021 09:48:21 +0000 (11:48 +0200)
author Miroslav Lichvar <mlichvar@redhat.com>
Mon, 9 Aug 2021 09:48:21 +0000 (11:48 +0200)
committer Miroslav Lichvar <mlichvar@redhat.com>
Mon, 9 Aug 2021 09:48:21 +0000 (11:48 +0200)
diff --git a/sys_linux.c b/sys_linux.c

index 50c084313bef715f278d319c16b77942ec4e9463..2b53f722bd64869b9baf18b4e84299e9826303a3 100644 (file)
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -503,6 +503,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
  
      /* Process */
      SCMP_SYS(clone),
+#ifdef __NR_clone3
+    SCMP_SYS(clone3),
+#endif
      SCMP_SYS(exit),
      SCMP_SYS(exit_group),
      SCMP_SYS(getpid),
@@ -595,6 +598,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
  #ifdef __NR_ppoll_time64
      SCMP_SYS(ppoll_time64),
  #endif
+    SCMP_SYS(pread64),
      SCMP_SYS(pselect6),
  #ifdef __NR_pselect6_time64
      SCMP_SYS(pselect6_time64),
author	Miroslav Lichvar <mlichvar@redhat.com>
	Mon, 9 Aug 2021 09:48:21 +0000 (11:48 +0200)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Mon, 9 Aug 2021 09:48:21 +0000 (11:48 +0200)