39 lines
1.3 KiB
C
39 lines
1.3 KiB
C
#include "rules.h"
|
|
|
|
#include <seccomp.h>
|
|
|
|
void setup_lang_pypy(scmp_filter_ctx ctx) {
|
|
// uname(63), mkdir(83), readlinkat(267) more than python3
|
|
int white[] = {
|
|
SCMP_SYS(rt_sigaction), // 13
|
|
SCMP_SYS(rt_sigprocmask), // 14
|
|
SCMP_SYS(ioctl), // 16
|
|
SCMP_SYS(uname), // 63
|
|
SCMP_SYS(fcntl), // 72
|
|
SCMP_SYS(getcwd), // 79
|
|
SCMP_SYS(mkdir), // 83
|
|
SCMP_SYS(readlink), // 89
|
|
SCMP_SYS(sysinfo), // 99
|
|
SCMP_SYS(getuid), // 102
|
|
SCMP_SYS(getgid), // 104
|
|
SCMP_SYS(geteuid), // 107
|
|
SCMP_SYS(getegid), // 108
|
|
SCMP_SYS(gettid), // 186
|
|
SCMP_SYS(futex), // 202
|
|
SCMP_SYS(getdents64), // 217
|
|
SCMP_SYS(set_tid_address), // 218
|
|
SCMP_SYS(readlinkat), // 267
|
|
SCMP_SYS(pselect6), // 270
|
|
SCMP_SYS(set_robust_list), // 273
|
|
SCMP_SYS(rseq), // 334
|
|
};
|
|
ADD_RULE_LIST(white, SCMP_ACT_ALLOW);
|
|
}
|
|
|
|
struct rule lang_pypy_rule = {
|
|
.name = "pypy3",
|
|
.setup = setup_lang_pypy,
|
|
};
|
|
|
|
void __attribute__((constructor(101))) register_lang_pypy(void) { register_rule(&lang_pypy_rule); }
|