blob: 0df09fa1feff653869dc32827c1d59ffd1eb0267 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
include common.chasc
# syscall nr is loaded in common.chasc
# for sendfd/recvfd
ifeqdef SYS_recvmsg allow
ifeqdef SYS_sendmsg allow
# following syscalls are rarely called
ifeqdef SYS_clock_gettime allow # used by QuickJS in atomics and cpuTime()
ifeqdef SYS_clock_gettime64 allow # 64-bit clock_gettime on 32-bit platforms
ifeqdef SYS_getpid allow # for determining current PID after we fork
ifeqdef SYS_gettimeofday allow # used by QuickJS in Date.now()
ifeqdef SYS_rt_sigreturn allow # newer kernels have this instead of sigreturn
ifeqdef SYS_set_robust_list allow # glibc seems to need it for whatever reason
ifeqdef SYS_sigreturn allow # called by signal trampoline
ifeqdef SYS_fork allow
# It would be great if this were enough to allow fork and only fork,
# but some Linuxen do not have fork, so most libcs prefer clone.
ifne SYS_clone not_clone
load args[0] # flags
# musl only passes SIGCHLD.
# glibc and bionic also pass settid, cleartid.
ifeq SIGCHLD clone_musl
ifne CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD deny
: clone_musl
load args[1] # child_stack
ifne 0 deny
load args[2] # parent_tid
ifne 0 deny
# 3, 4 are child_tid and tls respectively. tls in particular is normally
# 0, but it is swapped with child_tid on some architectures.
# This still means that at least one of the two must be 0.
load args[3]
ifeq 0 allow
load args[4]
ifeq 0 allow
: not_clone
: deny
ret trap
: kill
ret kill
: eperm
ret errno EPERM
: allow
ret allow
|