configs/imagemagick: more syscalls allowed
This commit is contained in:
parent
af7bfc16aa
commit
8fe58806f2
@ -72,14 +72,14 @@ mount {
|
|||||||
|
|
||||||
seccomp_string: "POLICY imagemagick_convert {"
|
seccomp_string: "POLICY imagemagick_convert {"
|
||||||
seccomp_string: " ALLOW {"
|
seccomp_string: " ALLOW {"
|
||||||
seccomp_string: " read, write, open, close, newstat, newfstat,"
|
seccomp_string: " read, write, open, openat, close, newstat, newfstat,"
|
||||||
seccomp_string: " newlstat, lseek, mmap, mprotect, munmap, brk,"
|
seccomp_string: " newlstat, lseek, mmap, mprotect, munmap, brk,"
|
||||||
seccomp_string: " rt_sigaction, rt_sigprocmask, pwrite64, access,"
|
seccomp_string: " rt_sigaction, rt_sigprocmask, pwrite64, access,"
|
||||||
seccomp_string: " getpid, execveat, getdents, unlink, fchmod,"
|
seccomp_string: " getpid, execveat, getdents, unlink, fchmod,"
|
||||||
seccomp_string: " getrlimit, getrusage, sysinfo, times, futex,"
|
seccomp_string: " getrlimit, getrusage, sysinfo, times, futex,"
|
||||||
seccomp_string: " arch_prctl, sched_getaffinity, set_tid_address,"
|
seccomp_string: " arch_prctl, sched_getaffinity, set_tid_address,"
|
||||||
seccomp_string: " clock_gettime, set_robust_list, exit_group,"
|
seccomp_string: " clock_gettime, set_robust_list, exit_group,"
|
||||||
seccomp_string: " clone, getcwd, pread64, readlink"
|
seccomp_string: " clone, getcwd, pread64, readlink, prlimit64"
|
||||||
seccomp_string: " }"
|
seccomp_string: " }"
|
||||||
seccomp_string: "}"
|
seccomp_string: "}"
|
||||||
seccomp_string: "USE imagemagick_convert DEFAULT KILL"
|
seccomp_string: "USE imagemagick_convert DEFAULT KILL"
|
||||||
|
Loading…
Reference in New Issue
Block a user