authorbptato <nincsnevem662@gmail.com>2024-04-20 12:40:57 +0200
committerbptato <nincsnevem662@gmail.com>2024-04-20 12:47:49 +0200
commit2df3a394d96c116301bb4df2fd1f67b8311fddee (patch)
tree57ffe7a8b659ab4c864bb67917f1e115f44b8534 /src/utils/sandbox.nim
parent503925d2c91e967d51354e322daec4feb62e7ff7 (diff)
sandbox: allow syscalls for epoll Nim selectors
This fixes setTimeout/setInterval causing crashes.

Note: timerfd_gettime is not actually used by Nim right now.
However, it seems like a good idea to add it to the set in case a
future Nim version needs it, as it does no harm.

We still do not allow signalfd, because it would let rogue buffers
override our SIGSYS handler.  (Not sure if this really matters, but
we don't need it for now anyway.)
Diffstat (limited to 'src/utils/sandbox.nim')
-rw-r--r--src/utils/sandbox.nim4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/utils/sandbox.nim b/src/utils/sandbox.nim
index ad37c2d2..0a31fc41 100644
--- a/src/utils/sandbox.nim
+++ b/src/utils/sandbox.nim
@@ -85,6 +85,7 @@ elif defined(linux) and not disableSandbox:
       "close", # duh
       "connect", # for outgoing requests to loader
       "epoll_create", "epoll_create1", "epoll_ctl", "epoll_wait", # epoll stuff
+      "eventfd", # used by Nim selectors
       "exit_group", # for quit
       "fcntl", "fcntl64", # for changing blocking status
       "fork", # for when fork is really fork
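Review bot: The added `"eventfd"` entry names only the legacy syscall, but the glibc and musl `eventfd()` wrappers normally issue `eventfd2`, so a selector event created inside the sandbox would likely still hit the SIGSYS handler. No `eventfd2` entry appears between `"eventfd"` and `"exit_group"`, though the list starts and ends outside this hunk, so it may be listed elsewhere. If it is not, I would write the line as `"eventfd", "eventfd2", # used by Nim selectors (libc issues eventfd2)`. This does not widen what the process can do, since both calls create the same kind of descriptor.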
@@ -103,6 +104,9 @@ elif defined(linux) and not disableSandbox:
       "send", "sendmsg", "sendto", # for writing to sockets
       "set_robust_list", # glibc seems to need it for whatever reason
       "setrlimit", # glibc seems to use it for whatever reason
+      "timerfd_create", # used by Nim selectors
+      "timerfd_gettime", # not actually used by Nim but may be in the future
+      "timerfd_settime", # used by Nim selectors
       "write" # for writing to sockets
     ]
     for it in allowList:
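Review bot: On 32-bit targets with a 64-bit `time_t`, libc may route `timerfd_settime`/`timerfd_gettime` to the `timerfd_settime64`/`timerfd_gettime64` syscalls, which these three new entries do not cover. The `"fcntl", "fcntl64"` pair earlier in the list suggests such targets are meant to work, so timers could still crash there. If so, the pattern would be `"timerfd_settime", "timerfd_settime64", # used by Nim selectors`, assuming the name lookup used by the loop below knows these names. Separately, `timerfd_gettime` is allowed without a current caller. A missing entry fails loudly while an extra one is silent, so I would either drop it until needed or extend its comment to `# unused today; kept deliberately, re-audit when the Nim selectors change`. The loop that consumes `allowList` continues outside this hunk.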