From 5f97005a9ae6539163ef41c137bf8b040f0f2f17 Mon Sep 17 00:00:00 2001 From: Victor Frazao <31864869+vfrazao-ns1@users.noreply.github.com> Date: Sun, 25 Apr 2021 00:55:39 -0400 Subject: [PATCH] Fixes nasm32 - adds 32bit arch to seccomp filter (#231) --- api/src/nosocket/nosocket.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/api/src/nosocket/nosocket.c b/api/src/nosocket/nosocket.c index 03909ee..4efab88 100644 --- a/api/src/nosocket/nosocket.c +++ b/api/src/nosocket/nosocket.c @@ -24,6 +24,22 @@ int main(int argc, char *argv[]) return 1; } + // Add 32 bit and 64 bit architectures to seccomp filter + int rc; + uint32_t arch[] = {SCMP_ARCH_X86_64, SCMP_ARCH_X86, SCMP_ARCH_X32}; + // We first remove the existing arch, otherwise our subsequent call to add + // it will fail + seccomp_arch_remove(ctx, seccomp_arch_native()); + for (int i = 0; i < sizeof(arch) / sizeof(arch[0]); i++) + { + rc = seccomp_arch_add(ctx, arch[i]); + if (rc != 0) + { + fprintf(stderr, "Unable to add arch: %d\n", arch[i]); + return 1; + } + } + // Add a seccomp rule to the syscall blacklist - blacklist the socket syscall if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(socket), 0) < 0) {