seccomp: add 64-bit time_t syscalls
Relates to https://patchwork.kernel.org/patch/10756415/
Added to whitelist:
- `clock_getres_time64` (equivalent of `clock_getres`, which was whitelisted)
- `clock_gettime64` (equivalent of `clock_gettime`, which was whitelisted)
- `clock_nanosleep_time64` (equivalent of `clock_nanosleep`, which was whitelisted)
- `futex_time64` (equivalent of `futex`, which was whitelisted)
- `io_pgetevents_time64` (equivalent of `io_pgetevents`, which was whitelisted)
- `mq_timedreceive_time64` (equivalent of `mq_timedreceive`, which was whitelisted)
- `mq_timedsend_time64 ` (equivalent of `mq_timedsend`, which was whitelisted)
- `ppoll_time64` (equivalent of `ppoll`, which was whitelisted)
- `pselect6_time64` (equivalent of `pselect6`, which was whitelisted)
- `recvmmsg_time64` (equivalent of `recvmmsg`, which was whitelisted)
- `rt_sigtimedwait_time64` (equivalent of `rt_sigtimedwait`, which was whitelisted)
- `sched_rr_get_interval_time64` (equivalent of `sched_rr_get_interval`, which was whitelisted)
- `semtimedop_time64` (equivalent of `semtimedop`, which was whitelisted)
- `timer_gettime64` (equivalent of `timer_gettime`, which was whitelisted)
- `timer_settime64` (equivalent of `timer_settime`, which was whitelisted)
- `timerfd_gettime64` (equivalent of `timerfd_gettime`, which was whitelisted)
- `timerfd_settime64` (equivalent of `timerfd_settime`, which was whitelisted)
- `utimensat_time64` (equivalent of `utimensat`, which was whitelisted)
Not added to whitelist:
- `clock_adjtime64` (equivalent of `clock_adjtime`, which was not whitelisted)
- `clock_settime64` (equivalent of `clock_settime`, which was not whitelisted)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2020/03/25 21:42:27Showing 2 changed files
| ... | ... |
@@ -66,8 +66,11 @@ |
| 66 | 66 |
"chown", |
| 67 | 67 |
"chown32", |
| 68 | 68 |
"clock_getres", |
| 69 |
+ "clock_getres_time64", |
|
| 69 | 70 |
"clock_gettime", |
| 71 |
+ "clock_gettime64", |
|
| 70 | 72 |
"clock_nanosleep", |
| 73 |
+ "clock_nanosleep_time64", |
|
| 71 | 74 |
"close", |
| 72 | 75 |
"connect", |
| 73 | 76 |
"copy_file_range", |
| ... | ... |
@@ -117,6 +120,7 @@ |
| 117 | 117 |
"ftruncate", |
| 118 | 118 |
"ftruncate64", |
| 119 | 119 |
"futex", |
| 120 |
+ "futex_time64", |
|
| 120 | 121 |
"futimesat", |
| 121 | 122 |
"getcpu", |
| 122 | 123 |
"getcwd", |
| ... | ... |
@@ -163,6 +167,7 @@ |
| 163 | 163 |
"io_destroy", |
| 164 | 164 |
"io_getevents", |
| 165 | 165 |
"io_pgetevents", |
| 166 |
+ "io_pgetevents_time64", |
|
| 166 | 167 |
"ioprio_get", |
| 167 | 168 |
"ioprio_set", |
| 168 | 169 |
"io_setup", |
| ... | ... |
@@ -203,7 +208,9 @@ |
| 203 | 203 |
"mq_notify", |
| 204 | 204 |
"mq_open", |
| 205 | 205 |
"mq_timedreceive", |
| 206 |
+ "mq_timedreceive_time64", |
|
| 206 | 207 |
"mq_timedsend", |
| 208 |
+ "mq_timedsend_time64", |
|
| 207 | 209 |
"mq_unlink", |
| 208 | 210 |
"mremap", |
| 209 | 211 |
"msgctl", |
| ... | ... |
@@ -224,12 +231,14 @@ |
| 224 | 224 |
"pipe2", |
| 225 | 225 |
"poll", |
| 226 | 226 |
"ppoll", |
| 227 |
+ "ppoll_time64", |
|
| 227 | 228 |
"prctl", |
| 228 | 229 |
"pread64", |
| 229 | 230 |
"preadv", |
| 230 | 231 |
"preadv2", |
| 231 | 232 |
"prlimit64", |
| 232 | 233 |
"pselect6", |
| 234 |
+ "pselect6_time64", |
|
| 233 | 235 |
"pwrite64", |
| 234 | 236 |
"pwritev", |
| 235 | 237 |
"pwritev2", |
| ... | ... |
@@ -241,6 +250,7 @@ |
| 241 | 241 |
"recv", |
| 242 | 242 |
"recvfrom", |
| 243 | 243 |
"recvmmsg", |
| 244 |
+ "recvmmsg_time64", |
|
| 244 | 245 |
"recvmsg", |
| 245 | 246 |
"remap_file_pages", |
| 246 | 247 |
"removexattr", |
| ... | ... |
@@ -256,6 +266,7 @@ |
| 256 | 256 |
"rt_sigreturn", |
| 257 | 257 |
"rt_sigsuspend", |
| 258 | 258 |
"rt_sigtimedwait", |
| 259 |
+ "rt_sigtimedwait_time64", |
|
| 259 | 260 |
"rt_tgsigqueueinfo", |
| 260 | 261 |
"sched_getaffinity", |
| 261 | 262 |
"sched_getattr", |
| ... | ... |
@@ -264,6 +275,7 @@ |
| 264 | 264 |
"sched_get_priority_min", |
| 265 | 265 |
"sched_getscheduler", |
| 266 | 266 |
"sched_rr_get_interval", |
| 267 |
+ "sched_rr_get_interval_time64", |
|
| 267 | 268 |
"sched_setaffinity", |
| 268 | 269 |
"sched_setattr", |
| 269 | 270 |
"sched_setparam", |
| ... | ... |
@@ -275,6 +287,7 @@ |
| 275 | 275 |
"semget", |
| 276 | 276 |
"semop", |
| 277 | 277 |
"semtimedop", |
| 278 |
+ "semtimedop_time64", |
|
| 278 | 279 |
"send", |
| 279 | 280 |
"sendfile", |
| 280 | 281 |
"sendfile64", |
| ... | ... |
@@ -339,12 +352,16 @@ |
| 339 | 339 |
"time", |
| 340 | 340 |
"timer_create", |
| 341 | 341 |
"timer_delete", |
| 342 |
- "timerfd_create", |
|
| 343 |
- "timerfd_gettime", |
|
| 344 |
- "timerfd_settime", |
|
| 345 | 342 |
"timer_getoverrun", |
| 346 | 343 |
"timer_gettime", |
| 344 |
+ "timer_gettime64", |
|
| 347 | 345 |
"timer_settime", |
| 346 |
+ "timer_settime64", |
|
| 347 |
+ "timerfd_create", |
|
| 348 |
+ "timerfd_gettime", |
|
| 349 |
+ "timerfd_gettime64", |
|
| 350 |
+ "timerfd_settime", |
|
| 351 |
+ "timerfd_settime64", |
|
| 348 | 352 |
"times", |
| 349 | 353 |
"tkill", |
| 350 | 354 |
"truncate", |
| ... | ... |
@@ -356,6 +373,7 @@ |
| 356 | 356 |
"unlinkat", |
| 357 | 357 |
"utime", |
| 358 | 358 |
"utimensat", |
| 359 |
+ "utimensat_time64", |
|
| 359 | 360 |
"utimes", |
| 360 | 361 |
"vfork", |
| 361 | 362 |
"vmsplice", |
| ... | ... |
@@ -59,8 +59,11 @@ func DefaultProfile() *types.Seccomp {
|
| 59 | 59 |
"chown", |
| 60 | 60 |
"chown32", |
| 61 | 61 |
"clock_getres", |
| 62 |
+ "clock_getres_time64", |
|
| 62 | 63 |
"clock_gettime", |
| 64 |
+ "clock_gettime64", |
|
| 63 | 65 |
"clock_nanosleep", |
| 66 |
+ "clock_nanosleep_time64", |
|
| 64 | 67 |
"close", |
| 65 | 68 |
"connect", |
| 66 | 69 |
"copy_file_range", |
| ... | ... |
@@ -110,6 +113,7 @@ func DefaultProfile() *types.Seccomp {
|
| 110 | 110 |
"ftruncate", |
| 111 | 111 |
"ftruncate64", |
| 112 | 112 |
"futex", |
| 113 |
+ "futex_time64", |
|
| 113 | 114 |
"futimesat", |
| 114 | 115 |
"getcpu", |
| 115 | 116 |
"getcwd", |
| ... | ... |
@@ -156,6 +160,7 @@ func DefaultProfile() *types.Seccomp {
|
| 156 | 156 |
"io_destroy", |
| 157 | 157 |
"io_getevents", |
| 158 | 158 |
"io_pgetevents", |
| 159 |
+ "io_pgetevents_time64", |
|
| 159 | 160 |
"ioprio_get", |
| 160 | 161 |
"ioprio_set", |
| 161 | 162 |
"io_setup", |
| ... | ... |
@@ -196,7 +201,9 @@ func DefaultProfile() *types.Seccomp {
|
| 196 | 196 |
"mq_notify", |
| 197 | 197 |
"mq_open", |
| 198 | 198 |
"mq_timedreceive", |
| 199 |
+ "mq_timedreceive_time64", |
|
| 199 | 200 |
"mq_timedsend", |
| 201 |
+ "mq_timedsend_time64", |
|
| 200 | 202 |
"mq_unlink", |
| 201 | 203 |
"mremap", |
| 202 | 204 |
"msgctl", |
| ... | ... |
@@ -217,12 +224,14 @@ func DefaultProfile() *types.Seccomp {
|
| 217 | 217 |
"pipe2", |
| 218 | 218 |
"poll", |
| 219 | 219 |
"ppoll", |
| 220 |
+ "ppoll_time64", |
|
| 220 | 221 |
"prctl", |
| 221 | 222 |
"pread64", |
| 222 | 223 |
"preadv", |
| 223 | 224 |
"preadv2", |
| 224 | 225 |
"prlimit64", |
| 225 | 226 |
"pselect6", |
| 227 |
+ "pselect6_time64", |
|
| 226 | 228 |
"pwrite64", |
| 227 | 229 |
"pwritev", |
| 228 | 230 |
"pwritev2", |
| ... | ... |
@@ -234,6 +243,7 @@ func DefaultProfile() *types.Seccomp {
|
| 234 | 234 |
"recv", |
| 235 | 235 |
"recvfrom", |
| 236 | 236 |
"recvmmsg", |
| 237 |
+ "recvmmsg_time64", |
|
| 237 | 238 |
"recvmsg", |
| 238 | 239 |
"remap_file_pages", |
| 239 | 240 |
"removexattr", |
| ... | ... |
@@ -249,6 +259,7 @@ func DefaultProfile() *types.Seccomp {
|
| 249 | 249 |
"rt_sigreturn", |
| 250 | 250 |
"rt_sigsuspend", |
| 251 | 251 |
"rt_sigtimedwait", |
| 252 |
+ "rt_sigtimedwait_time64", |
|
| 252 | 253 |
"rt_tgsigqueueinfo", |
| 253 | 254 |
"sched_getaffinity", |
| 254 | 255 |
"sched_getattr", |
| ... | ... |
@@ -257,6 +268,7 @@ func DefaultProfile() *types.Seccomp {
|
| 257 | 257 |
"sched_get_priority_min", |
| 258 | 258 |
"sched_getscheduler", |
| 259 | 259 |
"sched_rr_get_interval", |
| 260 |
+ "sched_rr_get_interval_time64", |
|
| 260 | 261 |
"sched_setaffinity", |
| 261 | 262 |
"sched_setattr", |
| 262 | 263 |
"sched_setparam", |
| ... | ... |
@@ -268,6 +280,7 @@ func DefaultProfile() *types.Seccomp {
|
| 268 | 268 |
"semget", |
| 269 | 269 |
"semop", |
| 270 | 270 |
"semtimedop", |
| 271 |
+ "semtimedop_time64", |
|
| 271 | 272 |
"send", |
| 272 | 273 |
"sendfile", |
| 273 | 274 |
"sendfile64", |
| ... | ... |
@@ -332,12 +345,16 @@ func DefaultProfile() *types.Seccomp {
|
| 332 | 332 |
"time", |
| 333 | 333 |
"timer_create", |
| 334 | 334 |
"timer_delete", |
| 335 |
- "timerfd_create", |
|
| 336 |
- "timerfd_gettime", |
|
| 337 |
- "timerfd_settime", |
|
| 338 | 335 |
"timer_getoverrun", |
| 339 | 336 |
"timer_gettime", |
| 337 |
+ "timer_gettime64", |
|
| 340 | 338 |
"timer_settime", |
| 339 |
+ "timer_settime64", |
|
| 340 |
+ "timerfd_create", |
|
| 341 |
+ "timerfd_gettime", |
|
| 342 |
+ "timerfd_gettime64", |
|
| 343 |
+ "timerfd_settime", |
|
| 344 |
+ "timerfd_settime64", |
|
| 341 | 345 |
"times", |
| 342 | 346 |
"tkill", |
| 343 | 347 |
"truncate", |
| ... | ... |
@@ -349,6 +366,7 @@ func DefaultProfile() *types.Seccomp {
|
| 349 | 349 |
"unlinkat", |
| 350 | 350 |
"utime", |
| 351 | 351 |
"utimensat", |
| 352 |
+ "utimensat_time64", |
|
| 352 | 353 |
"utimes", |
| 353 | 354 |
"vfork", |
| 354 | 355 |
"vmsplice", |