configs: block sched_setaffinity where max_cpus is used

2022-08-09 16:38:12 +02:00 · 2022-08-09 16:38:12 +02:00 · 30c81ce01f
commit 30c81ce01f
parent b3fcc30aec
3 changed files with 20 additions and 13 deletions
--- a/configs/bash-with-fake-geteuid.cfg
+++ b/configs/bash-with-fake-geteuid.cfg
@ -176,7 +176,7 @@ mount {
 }

 seccomp_string: "ERRNO(1337) { geteuid }	"
-seccomp_string: "ERRNO(0) { ptrace }		"
+seccomp_string: "ERRNO(1) { ptrace, sched_setaffinity }		"
 seccomp_string: "KILL_PROCESS { syslog }		"
 seccomp_string: "DEFAULT ALLOW			"

--- a/configs/xchat-with-net.cfg
+++ b/configs/xchat-with-net.cfg
@ -137,6 +137,9 @@ seccomp_string: "KILL_PROCESS {"
 seccomp_string: "	ptrace,				"
 seccomp_string: "	process_vm_readv,	"
 seccomp_string: "	process_vm_writev	"
+seccomp_string: "},						"
+seccomp_string: "ERRNO(1) {				"
+seccomp_string: "	sched_setaffinity	"
 seccomp_string: "}						"
 seccomp_string: "DEFAULT ALLOW			"

--- a/configs/znc-with-net.cfg
+++ b/configs/znc-with-net.cfg
@ -15,6 +15,7 @@ cwd: "/home/znc"
 daemon: true

 time_limit: 0
+max_cpus: 1

 envar: "HOME=/home/znc"
 envar: "TMP=/tmp"
@ -126,6 +127,9 @@ seccomp_string: "KILL_PROCESS {"
 seccomp_string: "	ptrace,				"
 seccomp_string: "	process_vm_readv,	"
 seccomp_string: "	process_vm_writev	"
+seccomp_string: "},						"
+seccomp_string: "ERRNO(1) {				"
+seccomp_string: "	sched_setaffinity	"
 seccomp_string: "}						"
 seccomp_string: "DEFAULT ALLOW			"