Merge "Allow system processes to use vfork"
This commit is contained in:
Treehugger Robot
Gerrit Code Review
commit
860d27bd88
5 changed files with 9 additions and 9 deletions
|
|
@ -25,9 +25,6 @@
|
|||
#
|
||||
# This file is processed by a python script named genseccomp.py.
|
||||
|
||||
# Syscalls needed to run GFXBenchmark
|
||||
pid_t vfork:vfork() arm,x86,x86_64
|
||||
|
||||
# Needed for debugging 32-bit Chrome
|
||||
int pipe:pipe(int pipefd[2]) arm,x86,mips
|
||||
|
||||
|
|
|
|||
|
|
@ -39,6 +39,9 @@ int fstatat64|fstatat:newfstatat(int, const char*, struct stat*, int) mips64
|
|||
int fstat64|fstat:fstat(int, struct stat*) mips64
|
||||
int _flush_cache:cacheflush(char* addr, const int nbytes, const int op) mips64
|
||||
|
||||
# vfork is used by java.lang.ProcessBuilder
|
||||
pid_t vfork:vfork() arm,x86,x86_64
|
||||
|
||||
# Needed for performance tools
|
||||
int perf_event_open:perf_event_open(struct perf_event_attr *attr, pid_t pid, int cpu, int group_fd, unsigned long flags) all
|
||||
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 137, 65, 64), //personality
|
|||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 141, 64, 63), //setfsuid|setfsgid|_llseek
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 290, 31, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 217, 15, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 191, 7, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 190, 7, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 172, 3, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 150, 1, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 149, 58, 57), //flock|msync|readv|writev|getsid|fdatasync
|
||||
|
|
@ -82,7 +82,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 182, 55, 54), //prctl|rt_sigreturn|rt_sigaction|
|
|||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 188, 54, 53), //getcwd|capget|capset|sigaltstack|sendfile
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 199, 3, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 197, 1, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 195, 51, 50), //ugetrlimit|mmap2|truncate64|ftruncate64
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 195, 51, 50), //vfork|ugetrlimit|mmap2|truncate64|ftruncate64
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 198, 50, 49), //fstat64
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 213, 1, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 212, 48, 47), //getuid32|getgid32|geteuid32|getegid32|setreuid32|setregid32|getgroups32|setgroups32|fchown32|setresuid32|getresuid32|setresgid32|getresgid32
|
||||
|
|
|
|||
|
|
@ -20,14 +20,14 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 24, 1, 0),
|
|||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 21, 76, 75), //lseek|mmap|mprotect|munmap|brk|rt_sigaction|rt_sigprocmask|rt_sigreturn|ioctl|pread64|pwrite64|readv|writev
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 29, 75, 74), //sched_yield|mremap|msync|mincore|madvise
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 33, 74, 73), //dup
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 59, 5, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 58, 5, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 44, 3, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 38, 1, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 37, 70, 69), //nanosleep|getitimer
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 43, 69, 68), //setitimer|getpid|sendfile|socket|connect
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 57, 68, 67), //sendto|recvfrom|sendmsg|recvmsg|shutdown|bind|listen|getsockname|getpeername|socketpair|setsockopt|getsockopt|clone
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 72, 1, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 64, 66, 65), //execve|exit|wait4|kill|uname
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 64, 66, 65), //vfork|execve|exit|wait4|kill|uname
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 78, 65, 64), //fcntl|flock|fsync|fdatasync|truncate|ftruncate
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 137, 11, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 95, 5, 0),
|
||||
|
|
|
|||
|
|
@ -76,12 +76,12 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 141, 53, 52), //setfsuid|setfsgid|_llseek
|
|||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 150, 1, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 149, 51, 50), //flock|msync|readv|writev|getsid|fdatasync
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 164, 50, 49), //mlock|munlock|mlockall|munlockall|sched_setparam|sched_getparam|sched_setscheduler|sched_getscheduler|sched_yield|sched_get_priority_max|sched_get_priority_min|sched_rr_get_interval|nanosleep|mremap
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 191, 3, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 190, 3, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 183, 1, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 182, 47, 46), //prctl|rt_sigreturn|rt_sigaction|rt_sigprocmask|rt_sigpending|rt_sigtimedwait|rt_sigqueueinfo|rt_sigsuspend|pread64|pwrite64
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 188, 46, 45), //getcwd|capget|capset|sigaltstack|sendfile
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 197, 1, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 195, 44, 43), //ugetrlimit|mmap2|truncate64|ftruncate64
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 195, 44, 43), //vfork|ugetrlimit|mmap2|truncate64|ftruncate64
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 198, 43, 42), //fstat64
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 245, 7, 0),
|
||||
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 218, 3, 0),
|
||||
|
|
|
|||
Loading…
Reference in a new issue