commit e2944e6c38892567b9f0f4af09e0ecb02c0ec300 Author: Yawning Angel yawning@schwanenlied.me Date: Sun Nov 27 20:48:18 2016 +0000
Add/fix a few more calls to the tor seccomp whitelist. --- data/tor-whitelist.seccomp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/data/tor-whitelist.seccomp b/data/tor-whitelist.seccomp index 72b6694..35e35db 100644 --- a/data/tor-whitelist.seccomp +++ b/data/tor-whitelist.seccomp @@ -6,6 +6,7 @@ SIG_BLOCK=1 SIG_SETMASK=2 MREMAP_MAYMOVE=1 PF_LOCAL=AF_LOCAL +POLLIN=1
# The tor stage 1 set. access: 1 @@ -21,6 +22,7 @@ pipe: 1 fcntl: 1 fstat: 1 # fstat64: 1 +getdents: 1 getdents64: 1 getegid: 1 # getegid32: 1 @@ -76,7 +78,7 @@ flock: arg1 == (LOCK_EX | LOCK_NB) || arg1 == LOCK_UN # FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME || FUTEX_WAKE_PRIVATE || FUTEX_WAIT_PRIVATE futex: arg1 == 393 || arg1 == 128 || arg1 == 129 mremap: arg3 == MREMAP_MAYMOVE -poll: arg1 == 2 && arg2 == 10 +poll: arg1 == POLLIN && arg2 == 10 socket: arg0 == AF_UNIX || arg0 == AF_INET || arg0 == AF_INET6 || arg0 == AF_NETLINK setsockopt: arg1 == SOL_SOCKET && (arg2 == SO_REUSEADDR || arg2 == SO_SNDBUF || arg2 == SO_RCVBUF) getsockopt: arg1 == SOL_SOCKET && arg2 == SO_ERROR @@ -112,6 +114,6 @@ getpid: 1 kill: 1 execve: 1 restart_syscall: 1 - -# Things we may eventually need, that are disabled for now. -# * set_tid_address - If tor ever uses pthread_join() +set_tid_address: 1 +chdir: 1 +umask: arg0 == 022