[tor-commits] [sandboxed-tor-browser/master] Add/fix a few more calls to the tor seccomp whitelist.

yawning at torproject.org yawning at torproject.org
Sun Nov 27 20:49:41 UTC 2016


commit e2944e6c38892567b9f0f4af09e0ecb02c0ec300
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Sun Nov 27 20:48:18 2016 +0000

    Add/fix a few more calls to the tor seccomp whitelist.
---
 data/tor-whitelist.seccomp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/data/tor-whitelist.seccomp b/data/tor-whitelist.seccomp
index 72b6694..35e35db 100644
--- a/data/tor-whitelist.seccomp
+++ b/data/tor-whitelist.seccomp
@@ -6,6 +6,7 @@ SIG_BLOCK=1
 SIG_SETMASK=2
 MREMAP_MAYMOVE=1
 PF_LOCAL=AF_LOCAL
+POLLIN=1
 
 # The tor stage 1 set.
 access: 1
@@ -21,6 +22,7 @@ pipe: 1
 fcntl: 1
 fstat: 1
 # fstat64: 1
+getdents: 1
 getdents64: 1
 getegid: 1
 # getegid32: 1
@@ -76,7 +78,7 @@ flock: arg1 == (LOCK_EX | LOCK_NB) || arg1 == LOCK_UN
 # FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME || FUTEX_WAKE_PRIVATE || FUTEX_WAIT_PRIVATE
 futex: arg1 == 393 || arg1 == 128 || arg1 == 129
 mremap: arg3 == MREMAP_MAYMOVE
-poll: arg1 == 2 && arg2 == 10
+poll: arg1 == POLLIN && arg2 == 10
 socket: arg0 == AF_UNIX || arg0 == AF_INET || arg0 == AF_INET6 || arg0 == AF_NETLINK
 setsockopt: arg1 == SOL_SOCKET && (arg2 == SO_REUSEADDR || arg2 == SO_SNDBUF || arg2 == SO_RCVBUF)
 getsockopt: arg1 == SOL_SOCKET && arg2 == SO_ERROR
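Review bot: In the `poll` rule, `arg1` is the `nfds` count of poll(fds, nfds, timeout), not an event mask, so comparing it with `POLLIN` reads as an event restriction that the filter cannot make. The requested events live in the `struct pollfd` array behind the `arg0` pointer, which a seccomp filter does not dereference. With `POLLIN=1` from the first hunk, the rule now admits only single-descriptor polls with a timeout of 10, where the old rule admitted exactly two descriptors. If that is the intent, I would write the literal and document it, e.g. `# poll(fds, nfds=1, timeout=10)` above `poll: arg1 == 1 && arg2 == 10`. I would also drop the `POLLIN=1` definition so that nobody later reads the rule as an events check.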
@@ -112,6 +114,6 @@ getpid: 1
 kill: 1
 execve: 1
 restart_syscall: 1
-
-# Things we may eventually need, that are disabled for now.
-#  * set_tid_address - If tor ever uses pthread_join()
+set_tid_address: 1
+chdir: 1
+umask: arg0 == 022
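Review bot: `umask: arg0 == 022` depends on the policy compiler reading `022` as octal, which I cannot confirm from this hunk. If it is parsed as decimal 22, the rule will not match umask(022) and the call will be rejected, so this is worth confirming and recording in a comment such as `# 022 is octal: clears group/other write`. Separately, the new rules replace the comment that explained why `set_tid_address` was held back, and both `set_tid_address: 1` and `chdir: 1` are unconditional. A one-line reason per rule, naming the tor code path that needs it, would keep the whitelist auditable in the way the comment above the `futex` rule does.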


