Mascali
/
piston
mirror of https://github.com/engineer-man/piston.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixes nasm32 - adds 32bit arch to seccomp filter (#231)

This commit is contained in:
Victor Frazao 2021-04-25 00:55:39 -04:00 committed by GitHub
parent 1e3b01283e
commit 5f97005a9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
api/src/nosocket/nosocket.c
View File

@ -24,6 +24,22 @@ int main(int argc, char *argv[])
return 1; return 1;
} }
// Add 32 bit and 64 bit architectures to seccomp filter
int rc;
uint32_t arch[] = {SCMP_ARCH_X86_64, SCMP_ARCH_X86, SCMP_ARCH_X32};
// We first remove the existing arch, otherwise our subsequent call to add
// it will fail
seccomp_arch_remove(ctx, seccomp_arch_native());
for (int i = 0; i < sizeof(arch) / sizeof(arch[0]); i++)
{
rc = seccomp_arch_add(ctx, arch[i]);
if (rc != 0)
{
fprintf(stderr, "Unable to add arch: %d\n", arch[i]);
return 1;
}
}
// Add a seccomp rule to the syscall blacklist - blacklist the socket syscall // Add a seccomp rule to the syscall blacklist - blacklist the socket syscall
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(socket), 0) < 0) if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(socket), 0) < 0)
{ {