2022-10-02 14:09:25 +08:00
|
|
|
#include "../sandbox.h"
|
|
|
|
|
#include "lang.h"
|
|
|
|
|
#include "rules.h"
|
|
|
|
|
|
|
|
|
|
#include <seccomp.h>
|
|
|
|
|
|
2022-10-09 20:19:25 +08:00
|
|
|
void setup_lang_c_cpp(scmp_filter_ctx ctx) {
|
2022-10-02 16:06:27 +08:00
|
|
|
int white[] = {
|
2022-10-04 14:30:11 +08:00
|
|
|
SCMP_SYS(read), // 0
|
|
|
|
|
SCMP_SYS(write), // 1
|
2022-10-20 15:44:03 +08:00
|
|
|
SCMP_SYS(close), // 3
|
2022-10-04 14:30:11 +08:00
|
|
|
SCMP_SYS(fstat), // 5
|
|
|
|
|
SCMP_SYS(lseek), // 8
|
|
|
|
|
SCMP_SYS(mmap), // 9
|
|
|
|
|
SCMP_SYS(munmap), // 11
|
2022-10-20 15:44:03 +08:00
|
|
|
SCMP_SYS(brk), // 12
|
2022-10-04 14:30:11 +08:00
|
|
|
SCMP_SYS(pread64), // 17
|
|
|
|
|
SCMP_SYS(getpid), // 39
|
2022-10-20 15:44:03 +08:00
|
|
|
SCMP_SYS(clone), // 56
|
2022-10-04 14:30:11 +08:00
|
|
|
SCMP_SYS(futex), // 202
|
|
|
|
|
SCMP_SYS(newfstatat), // 262
|
|
|
|
|
SCMP_SYS(clock_gettime), // 228
|
|
|
|
|
SCMP_SYS(clock_getres), // 229
|
|
|
|
|
SCMP_SYS(clock_nanosleep), // 230
|
|
|
|
|
SCMP_SYS(exit_group), // 231
|
2022-10-20 15:44:03 +08:00
|
|
|
SCMP_SYS(set_robust_list), // 273
|
|
|
|
|
SCMP_SYS(get_robust_list), // 274
|
2022-10-02 16:06:27 +08:00
|
|
|
};
|
2022-10-02 14:09:25 +08:00
|
|
|
int white_len = sizeof(white) / sizeof(white[0]);
|
|
|
|
|
|
|
|
|
|
for (int i = 0; i < white_len; i++) {
|
|
|
|
|
add_syscall_nr(white[i], ctx, SCMP_ACT_ALLOW);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct rule lang_c_rule = {
|
2022-10-09 20:19:25 +08:00
|
|
|
.name = "c",
|
|
|
|
|
.setup = setup_lang_c_cpp,
|
2022-10-02 14:09:25 +08:00
|
|
|
};
|
|
|
|
|
|
2022-10-09 20:19:25 +08:00
|
|
|
struct rule lang_cpp_rule = {
|
|
|
|
|
.name = "cpp",
|
|
|
|
|
.setup = setup_lang_c_cpp,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
void register_lang_c_cpp(void) {
|
|
|
|
|
register_rule(&lang_c_rule);
|
|
|
|
|
register_rule(&lang_cpp_rule);
|
|
|
|
|
}
|
