[File] [PATCH] Allow getrandom, rseq, and prctl for glibc malloc

Werner Fink werner at suse.de
Fri Nov 8 07:42:36 UTC 2024


From: Cristian Rodríguez <crrodriguez at opensuse.org>

glibc uses getrandom in malloc, rseq, and prctl in various other
places. Allow these syscalls in the seccomp filter.

```
export GLIBC_TUNABLES=glibc.mem.decorate_maps=1
make check
```

Signed-off-by: Werner Fink <werner at suse.de>
---
 src/seccomp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/seccomp.c b/src/seccomp.c
index ce824330..8a2c8a4c 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -80,6 +80,9 @@ enable_sandbox(void)
 	if (ctx == NULL)
 		return -1;
 
+	ALLOW_RULE(prctl);
+	ALLOW_RULE(getrandom);
+	ALLOW_RULE(rseq);
 	ALLOW_RULE(access);
 	ALLOW_RULE(brk);
 	ALLOW_RULE(close);
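
Review bot: `ALLOW_RULE(prctl);` at the top of the added lines allows prctl for every option, which is wider than the commit message justifies: prctl is a multiplexed syscall, and the message only says glibc calls it "in various other places". Name the options glibc actually needs in the commit message and restrict the rule on the first argument (for the `glibc.mem.decorate_maps` tunable shown in the message, glibc names anonymous mappings through `PR_SET_VMA`), so the sandboxed process cannot reach the rest of the prctl surface. A smaller style point: the existing list runs alphabetically (`access`, `brk`, `close`), so the three new rules would be easier to audit if sorted into place instead of prepended.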
-- 
2.43.0


