seccomp: add 64-bit time_t syscalls

Relates to https://patchwork.kernel.org/patch/10756415/ Added to whitelist: - `clock_getres_time64` (equivalent of `clock_getres`, which was whitelisted) - `clock_gettime64` (equivalent of `clock_gettime`, which was whitelisted) - `clock_nanosleep_time64` (equivalent of `clock_nanosleep`, which was whitelisted) - `futex_time64` (equivalent of `futex`, which was whitelisted) - `io_pgetevents_time64` (equivalent of `io_pgetevents`, which was whitelisted) - `mq_timedreceive_time64` (equivalent of `mq_timedreceive`, which was whitelisted) - `mq_timedsend_time64 ` (equivalent of `mq_timedsend`, which was whitelisted) - `ppoll_time64` (equivalent of `ppoll`, which was whitelisted) - `pselect6_time64` (equivalent of `pselect6`, which was whitelisted) - `recvmmsg_time64` (equivalent of `recvmmsg`, which was whitelisted) - `rt_sigtimedwait_time64` (equivalent of `rt_sigtimedwait`, which was whitelisted) - `sched_rr_get_interval_time64` (equivalent of `sched_rr_get_interval`, which was whitelisted) - `semtimedop_time64` (equivalent of `semtimedop`, which was whitelisted) - `timer_gettime64` (equivalent of `timer_gettime`, which was whitelisted) - `timer_settime64` (equivalent of `timer_settime`, which was whitelisted) - `timerfd_gettime64` (equivalent of `timerfd_gettime`, which was whitelisted) - `timerfd_settime64` (equivalent of `timerfd_settime`, which was whitelisted) - `utimensat_time64` (equivalent of `utimensat`, which was whitelisted) Not added to whitelist: - `clock_adjtime64` (equivalent of `clock_adjtime`, which was not whitelisted) - `clock_settime64` (equivalent of `clock_settime`, which was not whitelisted) Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 89fabf0f24) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-25 13:42:27 +01:00 · 2020-03-25 13:42:27 +01:00 · 284bbde996
commit 284bbde996
parent 89f296a534
2 changed files with 42 additions and 6 deletions
--- a/profiles/seccomp/default.json
+++ b/profiles/seccomp/default.json
@ -66,8 +66,11 @@
 				"chown",
 				"chown32",
 				"clock_getres",
 				"clock_getres_time64",
 				"clock_gettime",
 				"clock_gettime64",
 				"clock_nanosleep",
 				"clock_nanosleep_time64",
 				"close",
 				"connect",
 				"copy_file_range",
@ -117,6 +120,7 @@
 				"ftruncate",
 				"ftruncate64",
 				"futex",
 				"futex_time64",
 				"futimesat",
 				"getcpu",
 				"getcwd",
@ -163,6 +167,7 @@
 				"io_destroy",
 				"io_getevents",
 				"io_pgetevents",
 				"io_pgetevents_time64",
 				"ioprio_get",
 				"ioprio_set",
 				"io_setup",
@ -200,7 +205,9 @@
 				"mq_notify",
 				"mq_open",
 				"mq_timedreceive",
 				"mq_timedreceive_time64",
 				"mq_timedsend",
 				"mq_timedsend_time64",
 				"mq_unlink",
 				"mremap",
 				"msgctl",
@ -221,12 +228,14 @@
 				"pipe2",
 				"poll",
 				"ppoll",
 				"ppoll_time64",
 				"prctl",
 				"pread64",
 				"preadv",
 				"preadv2",
 				"prlimit64",
 				"pselect6",
 				"pselect6_time64",
 				"pwrite64",
 				"pwritev",
 				"pwritev2",
@ -238,6 +247,7 @@
 				"recv",
 				"recvfrom",
 				"recvmmsg",
 				"recvmmsg_time64",
 				"recvmsg",
 				"remap_file_pages",
 				"removexattr",
@ -253,6 +263,7 @@
 				"rt_sigreturn",
 				"rt_sigsuspend",
 				"rt_sigtimedwait",
 				"rt_sigtimedwait_time64",
 				"rt_tgsigqueueinfo",
 				"sched_getaffinity",
 				"sched_getattr",
@ -261,6 +272,7 @@
 				"sched_get_priority_min",
 				"sched_getscheduler",
 				"sched_rr_get_interval",
 				"sched_rr_get_interval_time64",
 				"sched_setaffinity",
 				"sched_setattr",
 				"sched_setparam",
@ -272,6 +284,7 @@
 				"semget",
 				"semop",
 				"semtimedop",
 				"semtimedop_time64",
 				"send",
 				"sendfile",
 				"sendfile64",
@ -336,12 +349,16 @@
 				"time",
 				"timer_create",
 				"timer_delete",
 				"timerfd_create",
 				"timerfd_gettime",
 				"timerfd_settime",
 				"timer_getoverrun",
 				"timer_gettime",
 				"timer_gettime64",
 				"timer_settime",
 				"timer_settime64",
 				"timerfd_create",
 				"timerfd_gettime",
 				"timerfd_gettime64",
 				"timerfd_settime",
 				"timerfd_settime64",
 				"times",
 				"tkill",
 				"truncate",
@ -353,6 +370,7 @@
 				"unlinkat",
 				"utime",
 				"utimensat",
 				"utimensat_time64",
 				"utimes",
 				"vfork",
 				"vmsplice",
--- a/profiles/seccomp/seccomp_default.go
+++ b/profiles/seccomp/seccomp_default.go
@ -59,8 +59,11 @@ func DefaultProfile() *types.Seccomp {
 				"chown",
 				"chown32",
 				"clock_getres",
 				"clock_getres_time64",
 				"clock_gettime",
 				"clock_gettime64",
 				"clock_nanosleep",
 				"clock_nanosleep_time64",
 				"close",
 				"connect",
 				"copy_file_range",
@ -110,6 +113,7 @@ func DefaultProfile() *types.Seccomp {
 				"ftruncate",
 				"ftruncate64",
 				"futex",
 				"futex_time64",
 				"futimesat",
 				"getcpu",
 				"getcwd",
@ -156,6 +160,7 @@ func DefaultProfile() *types.Seccomp {
 				"io_destroy",
 				"io_getevents",
 				"io_pgetevents",
 				"io_pgetevents_time64",
 				"ioprio_get",
 				"ioprio_set",
 				"io_setup",
@ -193,7 +198,9 @@ func DefaultProfile() *types.Seccomp {
 				"mq_notify",
 				"mq_open",
 				"mq_timedreceive",
 				"mq_timedreceive_time64",
 				"mq_timedsend",
 				"mq_timedsend_time64",
 				"mq_unlink",
 				"mremap",
 				"msgctl",
@ -214,12 +221,14 @@ func DefaultProfile() *types.Seccomp {
 				"pipe2",
 				"poll",
 				"ppoll",
 				"ppoll_time64",
 				"prctl",
 				"pread64",
 				"preadv",
 				"preadv2",
 				"prlimit64",
 				"pselect6",
 				"pselect6_time64",
 				"pwrite64",
 				"pwritev",
 				"pwritev2",
@ -231,6 +240,7 @@ func DefaultProfile() *types.Seccomp {
 				"recv",
 				"recvfrom",
 				"recvmmsg",
 				"recvmmsg_time64",
 				"recvmsg",
 				"remap_file_pages",
 				"removexattr",
@ -246,6 +256,7 @@ func DefaultProfile() *types.Seccomp {
 				"rt_sigreturn",
 				"rt_sigsuspend",
 				"rt_sigtimedwait",
 				"rt_sigtimedwait_time64",
 				"rt_tgsigqueueinfo",
 				"sched_getaffinity",
 				"sched_getattr",
@ -254,6 +265,7 @@ func DefaultProfile() *types.Seccomp {
 				"sched_get_priority_min",
 				"sched_getscheduler",
 				"sched_rr_get_interval",
 				"sched_rr_get_interval_time64",
 				"sched_setaffinity",
 				"sched_setattr",
 				"sched_setparam",
@ -265,6 +277,7 @@ func DefaultProfile() *types.Seccomp {
 				"semget",
 				"semop",
 				"semtimedop",
 				"semtimedop_time64",
 				"send",
 				"sendfile",
 				"sendfile64",
@ -329,12 +342,16 @@ func DefaultProfile() *types.Seccomp {
 				"time",
 				"timer_create",
 				"timer_delete",
 				"timerfd_create",
 				"timerfd_gettime",
 				"timerfd_settime",
 				"timer_getoverrun",
 				"timer_gettime",
 				"timer_gettime64",
 				"timer_settime",
 				"timer_settime64",
 				"timerfd_create",
 				"timerfd_gettime",
 				"timerfd_gettime64",
 				"timerfd_settime",
 				"timerfd_settime64",
 				"times",
 				"tkill",
 				"truncate",
@ -346,6 +363,7 @@ func DefaultProfile() *types.Seccomp {
 				"unlinkat",
 				"utime",
 				"utimensat",
 				"utimensat_time64",
 				"utimes",
 				"vfork",
 				"vmsplice",