
The epoll_ctl operation not permitted

Open archine opened this issue 1 year ago • 1 comments

I've added SYS_EPOLL_CTL, but when I look at the call log through strace, the call still appears.

image

  • all calls
"openat",
"futex",
"fcntl",
"clone",
"rt_sigprocmask",
"rt_sigreturn",
"rt_sigaction",
"mmap",
"readlinkat",
"read",
"write",
"tgkill",
"epoll_create1",
"epoll_ctl",
"pipe2",
"fstat",
"pread64",
"close",
"prctl",
"getpid",
"gettid",
"set_tid_address",
"rseq",
"newfstatat",
  • invoke
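// Seccomp installs a process-wide seccomp filter whose default action is
// seccomp.ActKillProcess: any syscall not named in allowedSysCalls kills the
// process, while each named syscall gets an explicit seccomp.ActAllow rule.
//
// allowedSysCalls holds syscall names as understood by
// seccomp.GetSyscallFromName (e.g. "epoll_ctl"). The first name that cannot be
// resolved, or any failure to add a rule or to load the filter, is returned
// unchanged as the error; an error after NewFilter leaves no filter loaded.
//
// NOTE(review): ActAllow only lets a call through — an allowed syscall still
// executes and is therefore still visible to a tracer such as strace.
// Presumably that is what was observed for epoll_ctl; it is not evidence
// that the rule was ignored.
func Seccomp(allowedSysCalls []string) error {
	filter, err := seccomp.NewFilter(seccomp.ActKillProcess)
	if err != nil {
		return err
	}
	// The userspace filter context is only needed until Load has handed the
	// filter to the kernel; free it explicitly rather than leaving it to the
	// garbage-collector finalizer. On an early return this also frees the
	// partially built filter.
	defer filter.Release()

	for _, name := range allowedSysCalls {
		call, err := seccomp.GetSyscallFromName(name)
		if err != nil {
			return err
		}
		if err := filter.AddRule(call, seccomp.ActAllow); err != nil {
			return err
		}
	}

	// Load returns nil on success, so its result is the function's result.
	return filter.Load()
}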
  • go version go1.20.14 linux/amd64
  • libseccomp-golang: v0.10.0
  • os: 5.15.0-78-generic

archine Aug 01 '24 03:08