woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

configs/imagemagick: more syscalls allowed

Browse Source
This commit is contained in:
Robert Swiecki 2017-12-05 22:13:00 +01:00
parent af7bfc16aa
commit 8fe58806f2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
configs/imagemagick-convert.cfg
View File

@ -72,14 +72,14 @@ mount {
seccomp_string: "POLICY imagemagick_convert {"
seccomp_string: " ALLOW {"
seccomp_string: " read, write, open, close, newstat, newfstat,"
seccomp_string: " read, write, open, openat, close, newstat, newfstat,"
seccomp_string: " newlstat, lseek, mmap, mprotect, munmap, brk,"
seccomp_string: " rt_sigaction, rt_sigprocmask, pwrite64, access,"
seccomp_string: " getpid, execveat, getdents, unlink, fchmod,"
seccomp_string: " getrlimit, getrusage, sysinfo, times, futex,"
seccomp_string: " arch_prctl, sched_getaffinity, set_tid_address,"
seccomp_string: " clock_gettime, set_robust_list, exit_group,"
seccomp_string: " clone, getcwd, pread64, readlink"
seccomp_string: " clone, getcwd, pread64, readlink, prlimit64"
seccomp_string: " }"
seccomp_string: "}"
seccomp_string: "USE imagemagick_convert DEFAULT KILL"