seccomp: add 64-bit time_t syscalls
Relates to https://patchwork.kernel.org/patch/10756415/
Added to whitelist:
- `clock_getres_time64` (equivalent of `clock_getres`, which was whitelisted)
- `clock_gettime64` (equivalent of `clock_gettime`, which was whitelisted)
- `clock_nanosleep_time64` (equivalent of `clock_nanosleep`, which was whitelisted)
- `futex_time64` (equivalent of `futex`, which was whitelisted)
- `io_pgetevents_time64` (equivalent of `io_pgetevents`, which was whitelisted)
- `mq_timedreceive_time64` (equivalent of `mq_timedreceive`, which was whitelisted)
- `mq_timedsend_time64 ` (equivalent of `mq_timedsend`, which was whitelisted)
- `ppoll_time64` (equivalent of `ppoll`, which was whitelisted)
- `pselect6_time64` (equivalent of `pselect6`, which was whitelisted)
- `recvmmsg_time64` (equivalent of `recvmmsg`, which was whitelisted)
- `rt_sigtimedwait_time64` (equivalent of `rt_sigtimedwait`, which was whitelisted)
- `sched_rr_get_interval_time64` (equivalent of `sched_rr_get_interval`, which was whitelisted)
- `semtimedop_time64` (equivalent of `semtimedop`, which was whitelisted)
- `timer_gettime64` (equivalent of `timer_gettime`, which was whitelisted)
- `timer_settime64` (equivalent of `timer_settime`, which was whitelisted)
- `timerfd_gettime64` (equivalent of `timerfd_gettime`, which was whitelisted)
- `timerfd_settime64` (equivalent of `timerfd_settime`, which was whitelisted)
- `utimensat_time64` (equivalent of `utimensat`, which was whitelisted)
Not added to whitelist:
- `clock_adjtime64` (equivalent of `clock_adjtime`, which was not whitelisted)
- `clock_settime64` (equivalent of `clock_settime`, which was not whitelisted)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 89fabf0f241292e929fbb2fbb794d58d8d697ab5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2020/03/25 21:42:27Showing 2 changed files
| ... | ... |
@@ -66,8 +66,11 @@ |
| 66 | 66 |
"chown", |
| 67 | 67 |
"chown32", |
| 68 | 68 |
"clock_getres", |
| 69 |
+ "clock_getres_time64", |
|
| 69 | 70 |
"clock_gettime", |
| 71 |
+ "clock_gettime64", |
|
| 70 | 72 |
"clock_nanosleep", |
| 73 |
+ "clock_nanosleep_time64", |
|
| 71 | 74 |
"close", |
| 72 | 75 |
"connect", |
| 73 | 76 |
"copy_file_range", |
| ... | ... |
@@ -117,6 +120,7 @@ |
| 117 | 117 |
"ftruncate", |
| 118 | 118 |
"ftruncate64", |
| 119 | 119 |
"futex", |
| 120 |
+ "futex_time64", |
|
| 120 | 121 |
"futimesat", |
| 121 | 122 |
"getcpu", |
| 122 | 123 |
"getcwd", |
| ... | ... |
@@ -163,6 +167,7 @@ |
| 163 | 163 |
"io_destroy", |
| 164 | 164 |
"io_getevents", |
| 165 | 165 |
"io_pgetevents", |
| 166 |
+ "io_pgetevents_time64", |
|
| 166 | 167 |
"ioprio_get", |
| 167 | 168 |
"ioprio_set", |
| 168 | 169 |
"io_setup", |
| ... | ... |
@@ -200,7 +205,9 @@ |
| 200 | 200 |
"mq_notify", |
| 201 | 201 |
"mq_open", |
| 202 | 202 |
"mq_timedreceive", |
| 203 |
+ "mq_timedreceive_time64", |
|
| 203 | 204 |
"mq_timedsend", |
| 205 |
+ "mq_timedsend_time64", |
|
| 204 | 206 |
"mq_unlink", |
| 205 | 207 |
"mremap", |
| 206 | 208 |
"msgctl", |
| ... | ... |
@@ -221,12 +228,14 @@ |
| 221 | 221 |
"pipe2", |
| 222 | 222 |
"poll", |
| 223 | 223 |
"ppoll", |
| 224 |
+ "ppoll_time64", |
|
| 224 | 225 |
"prctl", |
| 225 | 226 |
"pread64", |
| 226 | 227 |
"preadv", |
| 227 | 228 |
"preadv2", |
| 228 | 229 |
"prlimit64", |
| 229 | 230 |
"pselect6", |
| 231 |
+ "pselect6_time64", |
|
| 230 | 232 |
"pwrite64", |
| 231 | 233 |
"pwritev", |
| 232 | 234 |
"pwritev2", |
| ... | ... |
@@ -238,6 +247,7 @@ |
| 238 | 238 |
"recv", |
| 239 | 239 |
"recvfrom", |
| 240 | 240 |
"recvmmsg", |
| 241 |
+ "recvmmsg_time64", |
|
| 241 | 242 |
"recvmsg", |
| 242 | 243 |
"remap_file_pages", |
| 243 | 244 |
"removexattr", |
| ... | ... |
@@ -253,6 +263,7 @@ |
| 253 | 253 |
"rt_sigreturn", |
| 254 | 254 |
"rt_sigsuspend", |
| 255 | 255 |
"rt_sigtimedwait", |
| 256 |
+ "rt_sigtimedwait_time64", |
|
| 256 | 257 |
"rt_tgsigqueueinfo", |
| 257 | 258 |
"sched_getaffinity", |
| 258 | 259 |
"sched_getattr", |
| ... | ... |
@@ -261,6 +272,7 @@ |
| 261 | 261 |
"sched_get_priority_min", |
| 262 | 262 |
"sched_getscheduler", |
| 263 | 263 |
"sched_rr_get_interval", |
| 264 |
+ "sched_rr_get_interval_time64", |
|
| 264 | 265 |
"sched_setaffinity", |
| 265 | 266 |
"sched_setattr", |
| 266 | 267 |
"sched_setparam", |
| ... | ... |
@@ -272,6 +284,7 @@ |
| 272 | 272 |
"semget", |
| 273 | 273 |
"semop", |
| 274 | 274 |
"semtimedop", |
| 275 |
+ "semtimedop_time64", |
|
| 275 | 276 |
"send", |
| 276 | 277 |
"sendfile", |
| 277 | 278 |
"sendfile64", |
| ... | ... |
@@ -336,12 +349,16 @@ |
| 336 | 336 |
"time", |
| 337 | 337 |
"timer_create", |
| 338 | 338 |
"timer_delete", |
| 339 |
- "timerfd_create", |
|
| 340 |
- "timerfd_gettime", |
|
| 341 |
- "timerfd_settime", |
|
| 342 | 339 |
"timer_getoverrun", |
| 343 | 340 |
"timer_gettime", |
| 341 |
+ "timer_gettime64", |
|
| 344 | 342 |
"timer_settime", |
| 343 |
+ "timer_settime64", |
|
| 344 |
+ "timerfd_create", |
|
| 345 |
+ "timerfd_gettime", |
|
| 346 |
+ "timerfd_gettime64", |
|
| 347 |
+ "timerfd_settime", |
|
| 348 |
+ "timerfd_settime64", |
|
| 345 | 349 |
"times", |
| 346 | 350 |
"tkill", |
| 347 | 351 |
"truncate", |
| ... | ... |
@@ -353,6 +370,7 @@ |
| 353 | 353 |
"unlinkat", |
| 354 | 354 |
"utime", |
| 355 | 355 |
"utimensat", |
| 356 |
+ "utimensat_time64", |
|
| 356 | 357 |
"utimes", |
| 357 | 358 |
"vfork", |
| 358 | 359 |
"vmsplice", |
| ... | ... |
@@ -59,8 +59,11 @@ func DefaultProfile() *types.Seccomp {
|
| 59 | 59 |
"chown", |
| 60 | 60 |
"chown32", |
| 61 | 61 |
"clock_getres", |
| 62 |
+ "clock_getres_time64", |
|
| 62 | 63 |
"clock_gettime", |
| 64 |
+ "clock_gettime64", |
|
| 63 | 65 |
"clock_nanosleep", |
| 66 |
+ "clock_nanosleep_time64", |
|
| 64 | 67 |
"close", |
| 65 | 68 |
"connect", |
| 66 | 69 |
"copy_file_range", |
| ... | ... |
@@ -110,6 +113,7 @@ func DefaultProfile() *types.Seccomp {
|
| 110 | 110 |
"ftruncate", |
| 111 | 111 |
"ftruncate64", |
| 112 | 112 |
"futex", |
| 113 |
+ "futex_time64", |
|
| 113 | 114 |
"futimesat", |
| 114 | 115 |
"getcpu", |
| 115 | 116 |
"getcwd", |
| ... | ... |
@@ -156,6 +160,7 @@ func DefaultProfile() *types.Seccomp {
|
| 156 | 156 |
"io_destroy", |
| 157 | 157 |
"io_getevents", |
| 158 | 158 |
"io_pgetevents", |
| 159 |
+ "io_pgetevents_time64", |
|
| 159 | 160 |
"ioprio_get", |
| 160 | 161 |
"ioprio_set", |
| 161 | 162 |
"io_setup", |
| ... | ... |
@@ -193,7 +198,9 @@ func DefaultProfile() *types.Seccomp {
|
| 193 | 193 |
"mq_notify", |
| 194 | 194 |
"mq_open", |
| 195 | 195 |
"mq_timedreceive", |
| 196 |
+ "mq_timedreceive_time64", |
|
| 196 | 197 |
"mq_timedsend", |
| 198 |
+ "mq_timedsend_time64", |
|
| 197 | 199 |
"mq_unlink", |
| 198 | 200 |
"mremap", |
| 199 | 201 |
"msgctl", |
| ... | ... |
@@ -214,12 +221,14 @@ func DefaultProfile() *types.Seccomp {
|
| 214 | 214 |
"pipe2", |
| 215 | 215 |
"poll", |
| 216 | 216 |
"ppoll", |
| 217 |
+ "ppoll_time64", |
|
| 217 | 218 |
"prctl", |
| 218 | 219 |
"pread64", |
| 219 | 220 |
"preadv", |
| 220 | 221 |
"preadv2", |
| 221 | 222 |
"prlimit64", |
| 222 | 223 |
"pselect6", |
| 224 |
+ "pselect6_time64", |
|
| 223 | 225 |
"pwrite64", |
| 224 | 226 |
"pwritev", |
| 225 | 227 |
"pwritev2", |
| ... | ... |
@@ -231,6 +240,7 @@ func DefaultProfile() *types.Seccomp {
|
| 231 | 231 |
"recv", |
| 232 | 232 |
"recvfrom", |
| 233 | 233 |
"recvmmsg", |
| 234 |
+ "recvmmsg_time64", |
|
| 234 | 235 |
"recvmsg", |
| 235 | 236 |
"remap_file_pages", |
| 236 | 237 |
"removexattr", |
| ... | ... |
@@ -246,6 +256,7 @@ func DefaultProfile() *types.Seccomp {
|
| 246 | 246 |
"rt_sigreturn", |
| 247 | 247 |
"rt_sigsuspend", |
| 248 | 248 |
"rt_sigtimedwait", |
| 249 |
+ "rt_sigtimedwait_time64", |
|
| 249 | 250 |
"rt_tgsigqueueinfo", |
| 250 | 251 |
"sched_getaffinity", |
| 251 | 252 |
"sched_getattr", |
| ... | ... |
@@ -254,6 +265,7 @@ func DefaultProfile() *types.Seccomp {
|
| 254 | 254 |
"sched_get_priority_min", |
| 255 | 255 |
"sched_getscheduler", |
| 256 | 256 |
"sched_rr_get_interval", |
| 257 |
+ "sched_rr_get_interval_time64", |
|
| 257 | 258 |
"sched_setaffinity", |
| 258 | 259 |
"sched_setattr", |
| 259 | 260 |
"sched_setparam", |
| ... | ... |
@@ -265,6 +277,7 @@ func DefaultProfile() *types.Seccomp {
|
| 265 | 265 |
"semget", |
| 266 | 266 |
"semop", |
| 267 | 267 |
"semtimedop", |
| 268 |
+ "semtimedop_time64", |
|
| 268 | 269 |
"send", |
| 269 | 270 |
"sendfile", |
| 270 | 271 |
"sendfile64", |
| ... | ... |
@@ -329,12 +342,16 @@ func DefaultProfile() *types.Seccomp {
|
| 329 | 329 |
"time", |
| 330 | 330 |
"timer_create", |
| 331 | 331 |
"timer_delete", |
| 332 |
- "timerfd_create", |
|
| 333 |
- "timerfd_gettime", |
|
| 334 |
- "timerfd_settime", |
|
| 335 | 332 |
"timer_getoverrun", |
| 336 | 333 |
"timer_gettime", |
| 334 |
+ "timer_gettime64", |
|
| 337 | 335 |
"timer_settime", |
| 336 |
+ "timer_settime64", |
|
| 337 |
+ "timerfd_create", |
|
| 338 |
+ "timerfd_gettime", |
|
| 339 |
+ "timerfd_gettime64", |
|
| 340 |
+ "timerfd_settime", |
|
| 341 |
+ "timerfd_settime64", |
|
| 338 | 342 |
"times", |
| 339 | 343 |
"tkill", |
| 340 | 344 |
"truncate", |
| ... | ... |
@@ -346,6 +363,7 @@ func DefaultProfile() *types.Seccomp {
|
| 346 | 346 |
"unlinkat", |
| 347 | 347 |
"utime", |
| 348 | 348 |
"utimensat", |
| 349 |
+ "utimensat_time64", |
|
| 349 | 350 |
"utimes", |
| 350 | 351 |
"vfork", |
| 351 | 352 |
"vmsplice", |