seccomp: add 64-bit time_t syscalls

Relates to https://patchwork.kernel.org/patch/10756415/ Added to whitelist: - `clock_getres_time64` (equivalent of `clock_getres`, which was whitelisted) - `clock_gettime64` (equivalent of `clock_gettime`, which was whitelisted) - `clock_nanosleep_time64` (equivalent of `clock_nanosleep`, which was whitelisted) - `futex_time64` (equivalent of `futex`, which was whitelisted) - `io_pgetevents_time64` (equivalent of `io_pgetevents`, which was whitelisted) - `mq_timedreceive_time64` (equivalent of `mq_timedreceive`, which was whitelisted) - `mq_timedsend_time64 ` (equivalent of `mq_timedsend`, which was whitelisted) - `ppoll_time64` (equivalent of `ppoll`, which was whitelisted) - `pselect6_time64` (equivalent of `pselect6`, which was whitelisted) - `recvmmsg_time64` (equivalent of `recvmmsg`, which was whitelisted) - `rt_sigtimedwait_time64` (equivalent of `rt_sigtimedwait`, which was whitelisted) - `sched_rr_get_interval_time64` (equivalent of `sched_rr_get_interval`, which was whitelisted) - `semtimedop_time64` (equivalent of `semtimedop`, which was whitelisted) - `timer_gettime64` (equivalent of `timer_gettime`, which was whitelisted) - `timer_settime64` (equivalent of `timer_settime`, which was whitelisted) - `timerfd_gettime64` (equivalent of `timerfd_gettime`, which was whitelisted) - `timerfd_settime64` (equivalent of `timerfd_settime`, which was whitelisted) - `utimensat_time64` (equivalent of `utimensat`, which was whitelisted) Not added to whitelist: - `clock_adjtime64` (equivalent of `clock_adjtime`, which was not whitelisted) - `clock_settime64` (equivalent of `clock_settime`, which was not whitelisted) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-25 14:07:38 +01:00 · 2020-03-25 14:07:38 +01:00 · 9529c69b8a
commit 9529c69b8a
parent e0d4208f7e
1 changed files with 21 additions and 4 deletions
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@ -56,7 +56,6 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"accept4",
 				"access",
 				"alarm",
-				"alarm",
 				"bind",
 				"brk",
 				"capget",
@ -66,8 +65,11 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"chown",
 				"chown32",
 				"clock_getres",
+				"clock_getres_time64",
 				"clock_gettime",
+				"clock_gettime64",
 				"clock_nanosleep",
+				"clock_nanosleep_time64",
 				"close",
 				"connect",
 				"copy_file_range",
@ -117,6 +119,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"ftruncate",
 				"ftruncate64",
 				"futex",
+				"futex_time64",
 				"futimesat",
 				"getcpu",
 				"getcwd",
@ -163,6 +166,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"io_destroy",
 				"io_getevents",
 				"io_pgetevents",
+				"io_pgetevents_time64",
 				"ioprio_get",
 				"ioprio_set",
 				"io_setup",
@ -200,7 +204,9 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"mq_notify",
 				"mq_open",
 				"mq_timedreceive",
+				"mq_timedreceive_time64",
 				"mq_timedsend",
+				"mq_timedsend_time64",
 				"mq_unlink",
 				"mremap",
 				"msgctl",
@ -221,11 +227,13 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"pipe2",
 				"poll",
 				"ppoll",
+				"ppoll_time64",
 				"prctl",
 				"pread64",
 				"preadv",
 				"prlimit64",
 				"pselect6",
+				"pselect6_time64",
 				"pwrite64",
 				"pwritev",
 				"read",
@ -236,6 +244,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"recv",
 				"recvfrom",
 				"recvmmsg",
+				"recvmmsg_time64",
 				"recvmsg",
 				"remap_file_pages",
 				"removexattr",
@ -251,6 +260,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"rt_sigreturn",
 				"rt_sigsuspend",
 				"rt_sigtimedwait",
+				"rt_sigtimedwait_time64",
 				"rt_tgsigqueueinfo",
 				"sched_getaffinity",
 				"sched_getattr",
@ -259,6 +269,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"sched_get_priority_min",
 				"sched_getscheduler",
 				"sched_rr_get_interval",
+				"sched_rr_get_interval_time64",
 				"sched_setaffinity",
 				"sched_setattr",
 				"sched_setparam",
@ -270,6 +281,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"semget",
 				"semop",
 				"semtimedop",
+				"semtimedop_time64",
 				"send",
 				"sendfile",
 				"sendfile64",
@ -335,12 +347,16 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"time",
 				"timer_create",
 				"timer_delete",
-				"timerfd_create",
-				"timerfd_gettime",
-				"timerfd_settime",
 				"timer_getoverrun",
 				"timer_gettime",
+				"timer_gettime64",
 				"timer_settime",
+				"timer_settime64",
+				"timerfd_create",
+				"timerfd_gettime",
+				"timerfd_gettime64",
+				"timerfd_settime",
+				"timerfd_settime64",
 				"times",
 				"tkill",
 				"truncate",
@ -352,6 +368,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
 				"unlinkat",
 				"utime",
 				"utimensat",
+				"utimensat_time64",
 				"utimes",
 				"vfork",
 				"vmsplice",