kore_patches/0001-Patches-needed-to-run-...


From f61e588cef7152d219151b2a3b644362de9a0af4 Mon Sep 17 00:00:00 2001
From: root <root@artificer.my.domain>
Date: Sat, 16 May 2020 21:27:26 -0400
Subject: [PATCH] Patches needed to run luajit
---
src/http.c | 2 +-
src/keymgr.c | 5 ++++-
src/seccomp.c | 18 ++++++++++++++++--
3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/http.c b/src/http.c
index 82f5992..71785f1 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1017,7 +1017,7 @@ http_argument_urldecode(char *arg)
if (err != KORE_RESULT_OK)
return (err);
- if (v <= 0x1f || v == 0x7f)
+ if ((v <= 0x1f && v != '\n' && v != '\r') || v == 0x7f)
return (KORE_RESULT_ERROR);
*in++ = (char)v;
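Review bot: Decoded arguments can now contain CR and LF, because the relaxed test on `v` exempts `'\n'` and `'\r'` from the control-character rejection for every caller of http_argument_urldecode, not only the code that needs multi-line values. Any handler that copies an argument into a response header, a redirect target or a log line may have depended on this check to prevent line splitting, so those call sites now need their own validation. I would state the new contract next to the test, e.g. `/* CR and LF pass through: callers must reject or escape them before using the value in a header or log line. */`, or keep the strict check as the default and relax it only where multi-line text is expected. The function body starts and ends outside the hunk.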
diff --git a/src/keymgr.c b/src/keymgr.c
index f20580b..a23d815 100644
--- a/src/keymgr.c
+++ b/src/keymgr.c
@@ -81,7 +81,7 @@ static struct sock_filter filter_keymgr[] = {
KORE_SYSCALL_ALLOW(lseek),
KORE_SYSCALL_ALLOW(write),
KORE_SYSCALL_ALLOW(close),
- KORE_SYSCALL_ALLOW(stat),
+ KORE_SYSCALL_ALLOW(statx),
KORE_SYSCALL_ALLOW(fstat),
KORE_SYSCALL_ALLOW(futex),
KORE_SYSCALL_ALLOW(writev),
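Review bot: `stat` is replaced rather than supplemented here, and the new `KORE_SYSCALL_ALLOW(statx),` is not wrapped in `#if defined(SYS_statx)` the way the same entry is in src/seccomp.c in this patch. A C library that still issues `stat` would presumably run into the filter's default action inside the key manager, and headers without `SYS_statx` would likely fail to build. I would keep `KORE_SYSCALL_ALLOW(stat),` and add the new entry as `#if defined(SYS_statx)` / `KORE_SYSCALL_ALLOW(statx),` / `#endif`. The key manager filter should also carry a short comment saying which library call needs the extra syscall, since this process holds the private keys and its allowlist should stay minimal. The filter_keymgr array starts and ends outside the hunk.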
@@ -99,6 +99,9 @@ static struct sock_filter filter_keymgr[] = {
KORE_SYSCALL_ALLOW(recvfrom),
#if defined(SYS_epoll_wait)
KORE_SYSCALL_ALLOW(epoll_wait),
+#endif
+#if defined(SYS_epoll_ctl)
+ KORE_SYSCALL_ALLOW(epoll_ctl),
#endif
KORE_SYSCALL_ALLOW(epoll_pwait),
diff --git a/src/seccomp.c b/src/seccomp.c
index 505ac0b..bc04b67 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -55,18 +55,29 @@ static struct sock_filter filter_kore[] = {
KORE_SYSCALL_ALLOW(open),
#endif
KORE_SYSCALL_ALLOW(read),
+#if defined(SYS_readv)
+ KORE_SYSCALL_ALLOW(readv),
+#endif
#if defined(SYS_stat)
KORE_SYSCALL_ALLOW(stat),
#endif
+#if defined(SYS_statx)
+ KORE_SYSCALL_ALLOW(statx),
+#endif
#if defined(SYS_lstat)
KORE_SYSCALL_ALLOW(lstat),
#endif
KORE_SYSCALL_ALLOW(fstat),
+ KORE_SYSCALL_ALLOW(fchown),
KORE_SYSCALL_ALLOW(write),
KORE_SYSCALL_ALLOW(fcntl),
KORE_SYSCALL_ALLOW(lseek),
KORE_SYSCALL_ALLOW(close),
KORE_SYSCALL_ALLOW(openat),
+ KORE_SYSCALL_ALLOW(newfstatat),
+ KORE_SYSCALL_ALLOW(unlinkat),
+ KORE_SYSCALL_ALLOW(fsync),
+ KORE_SYSCALL_ALLOW(fdatasync),
#if defined(SYS_access)
KORE_SYSCALL_ALLOW(access),
#endif
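Review bot: `fchown` and `unlinkat` are added to the worker filter for every build, so a compromised worker gains the ability to change file ownership and remove files even when the LuaJIT integration is not in use. Neither entry has a comment explaining which runtime path needs it, which makes the allowlist hard to audit later. I would group the new entries under a comment such as `/* Needed by the LuaJIT runtime; remove when not embedding it. */` and drop any that turn out to be unnecessary. `newfstatat` is also added without a guard although it is not defined on every architecture, so it should follow the pattern used for `readv` and `statx`: `#if defined(SYS_newfstatat)` / `KORE_SYSCALL_ALLOW(newfstatat),` / `#endif`. The filter_kore array starts and ends outside the hunk.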
@@ -87,14 +98,17 @@ static struct sock_filter filter_kore[] = {
KORE_SYSCALL_ALLOW(geteuid),
KORE_SYSCALL_ALLOW(exit_group),
KORE_SYSCALL_ALLOW(nanosleep),
+ KORE_SYSCALL_ALLOW(clone),
+ KORE_SYSCALL_ALLOW(wait4),
/* Memory related. */
KORE_SYSCALL_ALLOW(brk),
KORE_SYSCALL_ALLOW(munmap),
+ KORE_SYSCALL_ALLOW(pipe2),
/* Deny mmap/mprotect calls with PROT_EXEC/PROT_WRITE protection. */
- KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
- KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
+ //KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
+ //KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
KORE_SYSCALL_ALLOW(mmap),
KORE_SYSCALL_ALLOW(madvise),
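Review bot: Commenting out the two `KORE_SYSCALL_DENY_WITH_FLAG` rules removes the filter's refusal of executable mappings for every worker, and the comment above them, "Deny mmap/mprotect calls with PROT_EXEC/PROT_WRITE protection.", now describes behaviour the filter no longer has. With `mmap` allowed unconditionally on the next line, a memory-corruption bug in a worker can be turned into mapped, executable attacker-controlled memory, which is the outcome these rules existed to block. I would keep the rules and compile them out only when the JIT is enabled, wrapping them in `#if !defined(LUAJIT_OPTION_PLACEHOLDER)` … `#endif` (placeholder name for a build option), and replace the stale comment with one that states the trade-off. It is also worth checking whether the `mmap` rule can stay and only the `mprotect` rule needs relaxing, if the code generator maps pages writable and flips them to executable afterwards. The added `clone`, `wait4` and `pipe2` entries appear to be allowed with no argument filtering and have no comment saying why a worker needs to create processes or threads. The filter_kore array starts and ends outside the hunk.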
--
2.26.2