architecture dependent comments for seccomp filter (#1195065)

This commit is contained in:
Jakub Jelen 2015-03-10 07:12:13 +01:00
parent 7aa6321a86
commit 68fa4fb961

View File

@ -29,17 +29,17 @@ index 095b04a..52f6810 100644
- SC_DENY(stat, EACCES), - SC_DENY(stat, EACCES),
+ SC_DENY(openat, EACCES), + SC_DENY(openat, EACCES),
+#ifdef __NR_open +#ifdef __NR_open
+ SC_DENY(open, EACCES), /* - AArch64 */ + SC_DENY(open, EACCES), /* not on AArch64 */
+#endif +#endif
+#ifdef __NR_fstat +#ifdef __NR_fstat
+ SC_DENY(fstat, EACCES), /* + x86_64 */ + SC_DENY(fstat, EACCES), /* x86_64, Aarch64 */
+#endif +#endif
+#if defined(__NR_stat64) && defined(__NR_fstat64) +#if defined(__NR_stat64) && defined(__NR_fstat64)
+ SC_DENY(stat64, EACCES), /* + ix86, arm */ + SC_DENY(stat64, EACCES), /* ix86, arm */
+ SC_DENY(fstat64, EACCES), + SC_DENY(fstat64, EACCES),
+#endif +#endif
+#ifdef __NR_newfstatat +#ifdef __NR_newfstatat
+ SC_DENY(newfstatat, EACCES), /* + Aarch64 */ + SC_DENY(newfstatat, EACCES), /* Aarch64 */
+#endif +#endif
SC_ALLOW(getpid), SC_ALLOW(getpid),
SC_ALLOW(gettimeofday), SC_ALLOW(gettimeofday),
@ -48,16 +48,16 @@ index 095b04a..52f6810 100644
SC_ALLOW(shutdown), SC_ALLOW(shutdown),
#endif #endif
SC_ALLOW(brk), SC_ALLOW(brk),
+#ifdef __NR_poll /* Not available on AArch64 */ +#ifdef __NR_poll /* not on AArch64 */
SC_ALLOW(poll), SC_ALLOW(poll),
+#endif +#endif
#ifdef __NR__newselect #ifdef __NR__newselect
SC_ALLOW(_newselect), SC_ALLOW(_newselect),
#else #else
+#ifdef __NR_select /* Not available on AArch64 */ +#ifdef __NR_select /* not on AArch64 */
SC_ALLOW(select), SC_ALLOW(select),
#endif #endif
+#ifdef __NR_pselect6 /* + AArch64 */ +#ifdef __NR_pselect6 /* AArch64 */
+ SC_ALLOW(pselect6), + SC_ALLOW(pselect6),
+#endif +#endif
+#endif +#endif