2024-01-01 17:31:46 +08:00
|
|
|
#include "rules.h"
|
|
|
|
|
|
|
|
|
|
#include <seccomp.h>
|
|
|
|
|
|
|
|
|
|
void setup_lang_go(scmp_filter_ctx ctx) {
|
|
|
|
|
int white[] = {
|
|
|
|
|
SCMP_SYS(rt_sigaction), // 13
|
|
|
|
|
SCMP_SYS(rt_sigprocmask), // 14
|
|
|
|
|
SCMP_SYS(madvise), // 28
|
|
|
|
|
SCMP_SYS(clone), // 56
|
2024-04-27 21:21:43 +08:00
|
|
|
SCMP_SYS(fcntl), // 72
|
|
|
|
|
SCMP_SYS(getrlimit), // 97
|
2024-01-01 17:31:46 +08:00
|
|
|
SCMP_SYS(sigaltstack), // 131
|
|
|
|
|
SCMP_SYS(gettid), // 186
|
2024-04-27 21:21:43 +08:00
|
|
|
SCMP_SYS(futex), // 202
|
2024-01-01 17:31:46 +08:00
|
|
|
SCMP_SYS(sched_getaffinity), // 204
|
|
|
|
|
};
|
|
|
|
|
ADD_RULE_LIST(white, SCMP_ACT_ALLOW);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct rule lang_go_rule = {
|
|
|
|
|
.name = "go",
|
|
|
|
|
.setup = setup_lang_go,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
void __attribute__((constructor(101))) register_lang_go(void) { register_rule(&lang_go_rule); }
|
