Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-01-26 06:38:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bug 1102277 - Update seccomp filter for newer bionic. r=jld

Browse Source
This commit is contained in:
Kai-Zhen Li 2014-11-21 01:07:15 +08:00
parent 39c562b9f7
commit b2ba6d9ceb
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
security/sandbox/linux/SandboxFilter.cpp
View File

@ -132,6 +132,7 @@ SandboxFilterImplContent::Build() {
Allow(SYSCALL(clock_gettime));
Allow(SYSCALL(epoll_wait));
Allow(SYSCALL(epoll_pwait));
Allow(SYSCALL(gettimeofday));
Allow(SYSCALL(read));
Allow(SYSCALL(write));
@ -168,6 +169,9 @@ SandboxFilterImplContent::Build() {
Allow(SYSCALL(dup));
Allow(SYSCALL(nanosleep));
Allow(SYSCALL(poll));
Allow(SYSCALL(ppoll));
Allow(SYSCALL(openat));
Allow(SYSCALL(faccessat));
// select()'s arguments used to be passed by pointer as a struct.
#if SYSCALL_EXISTS(_newselect)
Allow(SYSCALL(_newselect));
@ -299,6 +303,9 @@ SandboxFilterImplContent::Build() {
Allow(SYSCALL(umask));
Allow(SYSCALL(getresgid));
Allow(SYSCALL(poll));
Allow(SYSCALL(ppoll));
Allow(SYSCALL(openat));
Allow(SYSCALL(faccessat));
Allow(SYSCALL(inotify_init1));
Allow(SYSCALL(wait4));
Allow(SYSVIPCCALL(shmctl, SHMCTL));
@ -358,6 +365,7 @@ void SandboxFilterImplGMP::Build() {
Allow(SYSCALL(write));
Allow(SYSCALL(read));
Allow(SYSCALL(epoll_wait));
Allow(SYSCALL(epoll_pwait));
Allow(SOCKETCALL(recvmsg, RECVMSG));
Allow(SOCKETCALL(sendmsg, SENDMSG));
Allow(SYSCALL(time));