完善general规则

2024-12-28 16:01:41 +00:00 · 2016-10-23 01:56:35 +08:00 · 2016-10-23 01:56:35 +08:00 · b71625bedb
commit b71625bedb
parent 7b61b9f9db
1 changed files with 9 additions and 1 deletions
--- a/src/rules/general.c
+++ b/src/rules/general.c
@ -6,7 +6,15 @@

 int general_seccomp_rules(struct config *_config) {
    int syscalls_blacklist[] = {SCMP_SYS(socket), SCMP_SYS(clone),
-                                SCMP_SYS(fork)};
+                                SCMP_SYS(fork), SCMP_SYS(vfork),
+                                SCMP_SYS(writev), SCMP_SYS(kill),
+                                SCMP_SYS(chdir), SCMP_SYS(fchdir),
+                                SCMP_SYS(rename), SCMP_SYS(chmod),
+                                SCMP_SYS(fchmod), SCMP_SYS(chown),
+                                SCMP_SYS(fchown), SCMP_SYS(lchown),
+                                SCMP_SYS(setuid), SCMP_SYS(setgid),
+                                SCMP_SYS(capset), SCMP_SYS(mount),
+                                SCMP_SYS(sethostname)};
    int syscalls_blacklist_length = sizeof(syscalls_blacklist) / sizeof(int);
    scmp_filter_ctx ctx = NULL;
    // load seccomp rules