Inital commit
commit
74c2d3a9a4
|
@ -0,0 +1,104 @@
|
||||||
|
From f61e588cef7152d219151b2a3b644362de9a0af4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: root <root@artificer.my.domain>
|
||||||
|
Date: Sat, 16 May 2020 21:27:26 -0400
|
||||||
|
Subject: [PATCH] Patches needed to run luajit
|
||||||
|
|
||||||
|
---
|
||||||
|
src/http.c | 2 +-
|
||||||
|
src/keymgr.c | 5 ++++-
|
||||||
|
src/seccomp.c | 18 ++++++++++++++++--
|
||||||
|
3 files changed, 21 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/http.c b/src/http.c
|
||||||
|
index 82f5992..71785f1 100644
|
||||||
|
--- a/src/http.c
|
||||||
|
+++ b/src/http.c
|
||||||
|
@@ -1017,7 +1017,7 @@ http_argument_urldecode(char *arg)
|
||||||
|
if (err != KORE_RESULT_OK)
|
||||||
|
return (err);
|
||||||
|
|
||||||
|
- if (v <= 0x1f || v == 0x7f)
|
||||||
|
+ if ((v <= 0x1f && v != '\n' && v != '\r') || v == 0x7f)
|
||||||
|
return (KORE_RESULT_ERROR);
|
||||||
|
|
||||||
|
*in++ = (char)v;
|
||||||
|
diff --git a/src/keymgr.c b/src/keymgr.c
|
||||||
|
index f20580b..a23d815 100644
|
||||||
|
--- a/src/keymgr.c
|
||||||
|
+++ b/src/keymgr.c
|
||||||
|
@@ -81,7 +81,7 @@ static struct sock_filter filter_keymgr[] = {
|
||||||
|
KORE_SYSCALL_ALLOW(lseek),
|
||||||
|
KORE_SYSCALL_ALLOW(write),
|
||||||
|
KORE_SYSCALL_ALLOW(close),
|
||||||
|
- KORE_SYSCALL_ALLOW(stat),
|
||||||
|
+ KORE_SYSCALL_ALLOW(statx),
|
||||||
|
KORE_SYSCALL_ALLOW(fstat),
|
||||||
|
KORE_SYSCALL_ALLOW(futex),
|
||||||
|
KORE_SYSCALL_ALLOW(writev),
|
||||||
|
@@ -99,6 +99,9 @@ static struct sock_filter filter_keymgr[] = {
|
||||||
|
KORE_SYSCALL_ALLOW(recvfrom),
|
||||||
|
#if defined(SYS_epoll_wait)
|
||||||
|
KORE_SYSCALL_ALLOW(epoll_wait),
|
||||||
|
+#endif
|
||||||
|
+#if defined(SYS_epoll_ctl)
|
||||||
|
+ KORE_SYSCALL_ALLOW(epoll_ctl),
|
||||||
|
#endif
|
||||||
|
KORE_SYSCALL_ALLOW(epoll_pwait),
|
||||||
|
|
||||||
|
diff --git a/src/seccomp.c b/src/seccomp.c
|
||||||
|
index 505ac0b..bc04b67 100644
|
||||||
|
--- a/src/seccomp.c
|
||||||
|
+++ b/src/seccomp.c
|
||||||
|
@@ -55,18 +55,29 @@ static struct sock_filter filter_kore[] = {
|
||||||
|
KORE_SYSCALL_ALLOW(open),
|
||||||
|
#endif
|
||||||
|
KORE_SYSCALL_ALLOW(read),
|
||||||
|
+#if defined(SYS_readv)
|
||||||
|
+ KORE_SYSCALL_ALLOW(readv),
|
||||||
|
+#endif
|
||||||
|
#if defined(SYS_stat)
|
||||||
|
KORE_SYSCALL_ALLOW(stat),
|
||||||
|
#endif
|
||||||
|
+#if defined(SYS_statx)
|
||||||
|
+ KORE_SYSCALL_ALLOW(statx),
|
||||||
|
+#endif
|
||||||
|
#if defined(SYS_lstat)
|
||||||
|
KORE_SYSCALL_ALLOW(lstat),
|
||||||
|
#endif
|
||||||
|
KORE_SYSCALL_ALLOW(fstat),
|
||||||
|
+ KORE_SYSCALL_ALLOW(fchown),
|
||||||
|
KORE_SYSCALL_ALLOW(write),
|
||||||
|
KORE_SYSCALL_ALLOW(fcntl),
|
||||||
|
KORE_SYSCALL_ALLOW(lseek),
|
||||||
|
KORE_SYSCALL_ALLOW(close),
|
||||||
|
KORE_SYSCALL_ALLOW(openat),
|
||||||
|
+ KORE_SYSCALL_ALLOW(newfstatat),
|
||||||
|
+ KORE_SYSCALL_ALLOW(unlinkat),
|
||||||
|
+ KORE_SYSCALL_ALLOW(fsync),
|
||||||
|
+ KORE_SYSCALL_ALLOW(fdatasync),
|
||||||
|
#if defined(SYS_access)
|
||||||
|
KORE_SYSCALL_ALLOW(access),
|
||||||
|
#endif
|
||||||
|
@@ -87,14 +98,17 @@ static struct sock_filter filter_kore[] = {
|
||||||
|
KORE_SYSCALL_ALLOW(geteuid),
|
||||||
|
KORE_SYSCALL_ALLOW(exit_group),
|
||||||
|
KORE_SYSCALL_ALLOW(nanosleep),
|
||||||
|
+ KORE_SYSCALL_ALLOW(clone),
|
||||||
|
+ KORE_SYSCALL_ALLOW(wait4),
|
||||||
|
|
||||||
|
/* Memory related. */
|
||||||
|
KORE_SYSCALL_ALLOW(brk),
|
||||||
|
KORE_SYSCALL_ALLOW(munmap),
|
||||||
|
+ KORE_SYSCALL_ALLOW(pipe2),
|
||||||
|
|
||||||
|
/* Deny mmap/mprotect calls with PROT_EXEC/PROT_WRITE protection. */
|
||||||
|
- KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
|
||||||
|
- KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
|
||||||
|
+ //KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
|
||||||
|
+ //KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
|
||||||
|
|
||||||
|
KORE_SYSCALL_ALLOW(mmap),
|
||||||
|
KORE_SYSCALL_ALLOW(madvise),
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
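Review bot: Commenting out both `KORE_SYSCALL_DENY_WITH_FLAG` rules in the last src/seccomp.c hunk removes the sandbox's W^X restriction from `filter_kore` altogether, while the comment left above them still says mmap/mprotect with PROT_EXEC/PROT_WRITE are denied. If LuaJIT only needs to flip already-written pages to executable (not confirmed from this page), the mmap rule could stay as `KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),` with only the mprotect rule relaxed, preferably under a build-time option so builds without Lua keep both. The same hunk also allows `clone`, `wait4` and `pipe2` unconditionally, so the filter no longer restricts thread or process creation either. Each addition deserves a comment naming the LuaJIT code path that needs it, and the stale comment should become something like `/* XXX LuaJIT: JIT pages need PROT_EXEC; W^X is not enforced in this build. */`. The `filter_kore` array starts and ends outside the hunk.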