fix: enhanced syscall list
parent
05372f10e8
commit
dec92fbf65
@ -1,11 +1,13 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
VERSION=v2.5.4
|
||||
if [ -d ./libseccomp ]; then exit 0; fi
|
||||
|
||||
set -x
|
||||
|
||||
git clone https://github.com/seccomp/libseccomp.git &>/dev/null
|
||||
git clone https://github.com/seccomp/libseccomp.git >/dev/null 2>&1 || exit 1
|
||||
cd libseccomp || exit 1
|
||||
git checkout $VERSION &>/dev/null
|
||||
./autogen.sh &>/dev/null || exit 1
|
||||
./configure --enable-shared=no &>/dev/null || exit 1
|
||||
make -j &>/dev/null || exit 1
|
||||
git checkout $VERSION >/dev/null 2>&1
|
||||
./autogen.sh >/dev/null 2>&1 || exit 1
|
||||
./configure --enable-shared=no >/dev/null 2>&1 || exit 1
|
||||
make -j >/dev/null 2>&1 || exit 1
|
||||
|
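Review bot: The `git checkout $VERSION` line is the one build step left without `|| exit 1`, so if the tag cannot be checked out the script goes on to build whatever the default branch holds, and with all output discarded nothing shows it. Since this library is what enforces the sandbox, I would fail closed and quote the variable: `git checkout "$VERSION" >/dev/null 2>&1 || exit 1`. A tag can also be moved upstream; pinning to a full commit hash (placeholder `<LIBSECCOMP_COMMIT_SHA>`) and comparing `git rev-parse HEAD` against it would make the build reproducible. Separately, the `[ -d ./libseccomp ]` early exit treats a directory left behind by a failed earlier run as a finished build.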
10
library.c
10
library.c
@ -7,11 +7,11 @@
|
||||
#include <unistd.h>
|
||||
|
||||
static __attribute__((constructor)) void inject(void) {
|
||||
char comm[64];
|
||||
int fd = open("/proc/self/comm", O_RDONLY);
|
||||
size_t len = read(fd, comm, sizeof(comm));
|
||||
len = len ? len - 1 : 0;
|
||||
comm[len] = '\0';
|
||||
char comm[64];
|
||||
int fd = open("/proc/self/comm", O_RDONLY);
|
||||
ssize_t len = read(fd, comm, sizeof(comm));
|
||||
len = len > 0 ? len - 1 : 0;
|
||||
comm[len] = '\0';
|
||||
close(fd);
|
||||
|
||||
LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid());
|
||||
|
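Review bot: `open()` is not checked in `inject`, and the new `len > 0` test only covers a failed open because `read()` on the invalid descriptor returns -1; an explicit `if (fd < 0)` branch would make that intent visible and avoid calling `close(-1)`. The last byte is also dropped unconditionally, which assumes the read always ends in a newline; after clamping a negative `len` to 0, `if (len > 0 && comm[len - 1] == '\n') len--;` strips only the newline. Reading `sizeof(comm) - 1` bytes would then keep `comm[len]` in bounds without relying on how short the kernel's comm string is. The body of `inject` continues past the end of this hunk.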
@ -8,18 +8,23 @@ void setup_lang_c_cpp(scmp_filter_ctx ctx) {
|
||||
int white[] = {
|
||||
SCMP_SYS(read), // 0
|
||||
SCMP_SYS(write), // 1
|
||||
SCMP_SYS(close), // 3
|
||||
SCMP_SYS(fstat), // 5
|
||||
SCMP_SYS(lseek), // 8
|
||||
SCMP_SYS(mmap), // 9
|
||||
SCMP_SYS(munmap), // 11
|
||||
SCMP_SYS(brk), // 12
|
||||
SCMP_SYS(pread64), // 17
|
||||
SCMP_SYS(getpid), // 39
|
||||
SCMP_SYS(clone), // 56
|
||||
SCMP_SYS(futex), // 202
|
||||
SCMP_SYS(newfstatat), // 262
|
||||
SCMP_SYS(clock_gettime), // 228
|
||||
SCMP_SYS(clock_getres), // 229
|
||||
SCMP_SYS(clock_nanosleep), // 230
|
||||
SCMP_SYS(exit_group), // 231
|
||||
SCMP_SYS(set_robust_list), // 273
|
||||
SCMP_SYS(get_robust_list), // 274
|
||||
};
|
||||
int white_len = sizeof(white) / sizeof(white[0]);
|
||||
|
||||
|
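Review bot: `SCMP_SYS(clone)` is in the allow list with no argument condition, so if the entries are installed as unconditional allows (the code that adds the rules is outside this hunk) the sandboxed program can pass any flag combination, including the namespace-creating `CLONE_NEW*` flags. If thread creation is all the C/C++ runtime needs, I would add that rule separately with a masked comparison on argument 0 that rejects those flags, so that a process-count rlimit, if that is the current control, becomes a second layer rather than the only one. The trailing `// N` comments are x86_64 syscall numbers while `SCMP_SYS()` resolves per architecture, and `newfstatat // 262` sits out of numeric order between 202 and 228; a comment above the array such as `/* numbers are x86_64, for reference only */` would prevent misreading. `setup_lang_c_cpp` starts before and continues after the visible lines.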
14
test.c
14
test.c
@ -4,10 +4,16 @@
|
||||
|
||||
int main() {
|
||||
LOG_INFO("Testing Memory Limit");
|
||||
void *p = malloc(sizeof(int) * 1024 * 1024 * 10);
|
||||
if (!p) {
|
||||
LOG_ERR("malloc failed");
|
||||
}
|
||||
|
||||
void *p;
|
||||
int counter = 0;
|
||||
do {
|
||||
p = malloc(1);
|
||||
if (!p) {
|
||||
LOG_ERR("malloc failed, cnt=%d", counter);
|
||||
}
|
||||
counter++;
|
||||
} while (p);
|
||||
|
||||
LOG_INFO("Testing NPROC Limit");
|
||||
pid_t pid = fork();
|
||||
|
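Review bot: The new loop leaks every `malloc(1)` result until the allocator fails, so the `fork()` under "Testing NPROC Limit" then runs in a process that is already out of memory, and a failed fork there cannot be attributed to the process limit. I would keep the blocks on a simple linked list (allocate `sizeof(void *)` and store the previous pointer in each block) and free them before the next test. The loop also has no upper bound: if the memory limit is not applied it keeps allocating until something external stops it, and `int counter` can overflow. A cap such as `while (p && counter < MAX_ALLOCS)` (constant name constructed here), followed by an explicit error when the cap is reached, turns a missing limit into a reported failure. `main` continues past the end of this hunk.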