From fa802eafe101847b7c4b71489ed6bcb6dc77597e Mon Sep 17 00:00:00 2001 From: dietshasta Date: Sat, 22 Jun 2024 10:27:57 +0100 Subject: [PATCH] update --- daemon/Sandbox.cpp | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/daemon/Sandbox.cpp b/daemon/Sandbox.cpp index f5a52bf..03878ae 100644 --- a/daemon/Sandbox.cpp +++ b/daemon/Sandbox.cpp @@ -60,6 +60,10 @@ namespace i2p { SCMP_SYS(ftruncate), SCMP_SYS(futex), SCMP_SYS(getdents64), + SCMP_SYS(getgid), + SCMP_SYS(getegid), + SCMP_SYS(getuid), + SCMP_SYS(geteuid), SCMP_SYS(getpeername), SCMP_SYS(getpid), SCMP_SYS(getrandom), @@ -73,10 +77,13 @@ namespace i2p { SCMP_SYS(listen), SCMP_SYS(lseek), SCMP_SYS(madvise), + SCMP_SYS(membarrier), SCMP_SYS(mkdir), + SCMP_SYS(mkdirat), SCMP_SYS(mmap), SCMP_SYS(mprotect), SCMP_SYS(munmap), + SCMP_SYS(nanosleep), SCMP_SYS(newfstatat), SCMP_SYS(openat), SCMP_SYS(poll), @@ -101,6 +108,8 @@ namespace i2p { SCMP_SYS(setsockopt), SCMP_SYS(shutdown), SCMP_SYS(socket), + SCMP_SYS(stat), + SCMP_SYS(statx), SCMP_SYS(sysinfo), SCMP_SYS(tgkill), SCMP_SYS(timerfd_create), @@ -149,10 +158,9 @@ namespace i2p { } int addrule(const char *path, unsigned long long rules, int ruleset_fd) { - struct landlock_path_beneath_attr temp = { - {rules}, - {NULL}, - }; + struct landlock_path_beneath_attr temp; + temp.allowed_access = rules; + temp.parent_fd = 0; /* Open path file descriptor */ temp.parent_fd = open(path, O_PATH | O_CLOEXEC);