~seanlynch/mooa

4f889169ade576de6fc1b7d25036bdec881fdb97 — Sean Lynch 8 years ago cff8d71
Complete syscall whitelist
3 files changed, 20 insertions(+), 2 deletions(-)

M Makefile
M mooa.c
M task.c
M Makefile => Makefile +1 -1
@@ 1,7 1,7 @@
CC = clang
CFLAGS += -std=c99 -g -O0 \
	  -fPIE -fstack-protector-strong \
	  -DVERSION=\"$(shell git describe)\"
	  -DVERSION=\"$(shell git describe --tags)\"
LINT=splint
LUA_CFLAGS=$(pkg-config --cflags lua)
LIBS=$(shell pkg-config --libs lua) -lev -ludns

M mooa.c => mooa.c +17 -1
@@ 99,7 99,7 @@ static int get_syscall_nr(const char *name) {


static void install_seccomp_filter(const char *syscalls[]) {
  scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_TRACE(1));
  scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_TRAP);
  if (!ctx) {
    errx(EXIT_FAILURE, "Failed to init seccomp");
  }


@@ 160,12 160,28 @@ int main(void) {
  lua_State *L;
  const char *whitelist[] = {
    "brk",
    "close",
    "connect",
    "epoll_create1",
    "epoll_ctl",
    "epoll_wait",
    "eventfd2",
    "exit",
    "exit_group",
    "fcntl",
    "fstat",
    "getegid",
    "geteuid",
    "getgid",
    "gettid",
    "getuid",    
    "mmap",
    "read",
    "recvfrom",
    "rt_sigaction",
    "rt_sigprocmask",
    "sendto",
    "socket",
    "tgkill",
    "write",
    NULL
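Review bot: The new default action in install_seccomp_filter, `SCMP_ACT_TRAP`, raises a SIGSYS that a handler can catch instead of ending the process, and the whitelist in main allows `rt_sigaction` by name, so a denied syscall is not necessarily fatal to code already running in the process. If the filter is meant to fail closed, `scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL);` is the stricter default, with TRAP kept for a debugging build. The entries `socket`, `connect`, `sendto` and `mmap` are also passed by name only. Unless the part of install_seccomp_filter outside this hunk adds argument comparisons, they allow any socket family and executable mappings, so a short comment on each entry saying which caller needs it would make the list auditable. Both function bodies continue outside the visible hunks.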

M task.c => task.c +2 -0
@@ 159,11 159,13 @@ static void mooa_task_step(mooa_task_t *task) {

static void mooa_task_timer_cb(struct ev_loop *loop, ev_timer *timer,
                               int revents) {
#pragma unused(loop, revents)
  mooa_task_schedule((mooa_task_t *)timer->data, 0);
}


static void mooa_task_io_cb(struct ev_loop *loop, ev_io *io, int revents) {
#pragma unused(revents)
  ev_io_stop(loop, io);
  mooa_task_schedule((mooa_task_t *)io->data, 0);
}
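Review bot: `#pragma unused(loop, revents)` in mooa_task_timer_cb and `#pragma unused(revents)` in mooa_task_io_cb, which appear to be the two added lines, use a compiler-specific pragma that other compilers ignore and may report as unknown. The Makefile pins `CC = clang`, so this builds today, but `(void)loop; (void)revents;` and `(void)revents;` say the same thing in standard C99 and survive a compiler change. Neither callback has a comment stating that `timer->data` and `io->data` must point to a live `mooa_task_t`; a one-line note above each, such as `/* data is set to the owning task when the watcher is started */`, would document the invariant the casts rely on, once confirmed against the watcher setup code outside this hunk.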