From 6ca677106992321326427c89a40e1c9673a499b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 8 Nov 2019 14:00:10 +0100 Subject: [PATCH] seccomp: add all *time64 syscalls From https://bugzilla.redhat.com/show_bug.cgi?id=1770154: > utime is an obsolete system call. The current kernel interface is > utimensat_time64. New 32-bit architectures do not even provide the utime > system call. Also add all other *time64 syscalls listed in https://fedora.juszkiewicz.com.pl/syscalls.html. --- src/shared/seccomp-util.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 0701dc4b9d1..2a4334b784a 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -258,12 +258,16 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { .help = "System calls that are always permitted", .value = "clock_getres\0" + "clock_getres_time64\0" "clock_gettime\0" + "clock_gettime64\0" "clock_nanosleep\0" + "clock_nanosleep_time64\0" "execve\0" "exit\0" "exit_group\0" "futex\0" + "futex_time64\0" "get_robust_list\0" "get_thread_area\0" "getegid\0" @@ -312,6 +316,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "io_destroy\0" "io_getevents\0" "io_pgetevents\0" + "io_pgetevents_time64\0" "io_setup\0" "io_submit\0" "io_uring_enter\0" @@ -357,7 +362,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { .value = "adjtimex\0" "clock_adjtime\0" + "clock_adjtime64\0" "clock_settime\0" + "clock_settime64\0" "settimeofday\0" "stime\0" }, @@ -465,6 +472,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "unlinkat\0" "utime\0" "utimensat\0" + "utimensat_time64\0" "utimes\0" }, [SYSCALL_FILTER_SET_IO_EVENT] = { @@ -483,7 +491,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "eventfd2\0" "poll\0" "ppoll\0" + "ppoll_time64\0" "pselect6\0" + "pselect6_time64\0" "select\0" }, [SYSCALL_FILTER_SET_IPC] = { @@ -496,7 +506,9 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "mq_notify\0" "mq_open\0" "mq_timedreceive\0" + "mq_timedreceive_time64\0" "mq_timedsend\0" + "mq_timedsend_time64\0" "mq_unlink\0" "msgctl\0" "msgget\0" @@ -510,6 +522,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "semget\0" "semop\0" "semtimedop\0" + "semtimedop_time64\0" "shmat\0" "shmctl\0" "shmdt\0" @@ -572,6 +585,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "recv\0" "recvfrom\0" "recvmmsg\0" + "recvmmsg_time64\0" "recvmsg\0" "send\0" "sendmmsg\0" @@ -747,6 +761,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "rt_sigprocmask\0" "rt_sigsuspend\0" "rt_sigtimedwait\0" + "rt_sigtimedwait_time64\0" "sigaction\0" "sigaltstack\0" "signal\0" @@ -826,6 +841,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "sched_getparam\0" "sched_getscheduler\0" "sched_rr_get_interval\0" + "sched_rr_get_interval_time64\0" "sched_yield\0" "sendfile\0" "sendfile64\0" @@ -854,10 +870,14 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { "timer_delete\0" "timer_getoverrun\0" "timer_gettime\0" + "timer_gettime64\0" "timer_settime\0" + "timer_settime64\0" "timerfd_create\0" "timerfd_gettime\0" + "timerfd_gettime64\0" "timerfd_settime\0" + "timerfd_settime64\0" "times\0" }, };