Commit

Allow the dup3() syscall on Linux
I have no idea why, but it seems that dup2() is sometimes implemented
internally using the dup3() syscall:

  #14 (comment)

So add that syscall to the allowed list.
eafer committed Jan 29, 2021
1 parent 183029f commit f986063
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/sandbox.c
Expand Up @@ -37,6 +37,7 @@ static void do_start_sandbox(void)
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
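
Review bot: the added SCMP_SYS(dup3) rule in do_start_sandbox() carries no comment saying why it is on the allow list, so the rationale exists only in the commit message, which itself says the cause is not understood. An allow list is easier to audit when each entry that the code does not call directly is justified in place; a one-line comment above the rule would do, for example `/* dup2() may be implemented via dup3() by the C library, see #14 */`. The rule is added with an argument count of 0, the same as the neighbouring dup and dup2 entries, so it is consistent with how the rest of the list is written.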