|
Lines 228-234
static const struct sock_filter preauth_insns[] = {
Link Here
|
| 228 |
SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK), |
228 |
SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK), |
| 229 |
SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO), |
229 |
SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO), |
| 230 |
SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT), |
230 |
SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT), |
| 231 |
#endif /* defined(__NR_ioctl) && defined(__s390__) */ |
231 |
#endif |
|
|
232 |
#if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT) |
| 233 |
/* |
| 234 |
* On Linux x32, the clock_gettime VDSO falls back to the |
| 235 |
* x86-64 syscall under some circumstances, e.g. |
| 236 |
* https://bugs.debian.org/849923 |
| 237 |
*/ |
| 238 |
SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT); |
| 239 |
#endif |
| 232 |
|
240 |
|
| 233 |
/* Default deny */ |
241 |
/* Default deny */ |
| 234 |
BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), |
242 |
BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), |