update syscall whitelist

jhass · Apr 3, 2015 · 19f985f · 19f985f
1 parent 4d39f7d
commit 19f985f
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/sandbox/generate_syscall_list.rb b/sandbox/generate_syscall_list.rb
@@ -44,6 +44,7 @@ def needed? prog
   needed ||= needed? "exit"
   needed ||= needed? %(r, w = IO.pipe;  Process.run("/bin/cat", output: w, input: "hi"); p(r.read(1)))
   needed ||= needed? %(LibC.popen("ls", "r"))
+  needed ||= needed? %(require "compiler/crystal/**"; Crystal::Parser.parse("foo { |x| x.bar }"))
 
   unless needed
     needed_calls = tmp_calls

diff --git a/sandbox/sandbox_whitelist32 b/sandbox/sandbox_whitelist32
@@ -1,7 +1,10 @@
 _llseek
 _newselect
 access
+bdflush
 brk
+capset
+chdir
 chmod
 clock_gettime
 clone
@@ -12,11 +15,17 @@ fadvise64_64
 fcntl64
 fstat64
 futex
+get_thread_area
+getcpu
 getcwd
 getdents64
+getegid
 getegid32
+geteuid
 geteuid32
+getgid
 getgid32
+getgroups
 getpgrp
 getpid
 getppid
@@ -29,8 +38,14 @@ lseek
 lstat64
 mincore
 mkdir
+mlockall
 mmap2
+modify_ldt
+mount
 mprotect
+mpx
+mq_getsetattr
+mremap
 munmap
 open
 openat
@@ -39,14 +54,27 @@ pipe2
 prlimit64
 read
 readlink
+remap_file_pages
+removexattr
 rename
+renameat
+request_key
+restart_syscall
+rmdir
 rt_sigaction
+rt_sigpending
 rt_sigprocmask
 sched_getaffinity
 set_robust_list
 set_thread_area
 set_tid_address
+setxattr
+shmat
+shmdt
+shmget
+shutdown
 sigprocmask
+sigreturn
 socketcall
 stat64
 time