op public repos

Commit Diff

Commit:: f88311e5344ed934d8b05c3738cca2a978491987
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Jan 24 19:12:32 2021 UTC
Message:: [seccomp] allow fcntl F_SETFD musl does a F_SETFD in its fdopendir
Actions:: Patch | Tree

commit - 252908e6bb335c42249a3d5fe6ecaa4daf5a3e3e
commit + f88311e5344ed934d8b05c3738cca2a978491987
blob - d24e60278e4c096fe7c27b8045932fc8667388ff
blob + 030112b7c7add802dfb02435d3606f4a8e15dee2
--- sandbox.c
+++ sandbox.c
@@ -179,17 +179,22 @@ sandbox()
 		/* alpine on amd64 does a clock_gettime(2) */
 		SC_ALLOW(clock_gettime),
 
+		/* for directory listing */
+		SC_ALLOW(getdents64),
+
 		SC_ALLOW(exit),
 		SC_ALLOW(exit_group),
 
 		/* allow only F_GETFL and F_SETFL fcntl */
-		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fcntl, 0, 6),
+		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fcntl, 0, 8),
 		BPF_STMT(BPF_LD  | BPF_W | BPF_ABS,
 		    (offsetof(struct seccomp_data, args[1]))),
 		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, F_GETFL, 0, 1),
 		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
 		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, F_SETFL, 0, 1),
 		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, F_SETFD, 0, 1),
+		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
 		BPF_STMT(BPF_RET | BPF_K, SC_FAIL),
 
 		/* re-load the syscall number */