webservd: add native 64-bit syscalls
The syscall filter is written mostly for arm and is missing a bunch
of syscalls used on native 64-bit arches like amd64. Add them here.
BUG=None
TEST=webservd doesn't crash on amd64-generic anymore
Change-Id: I2ed016d7a76d42996b2669b37c12f1263d776a27
Reviewed-on: https://chromium-review.googlesource.com/424633
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Garret Kelly <gdk@chromium.org>
diff --git a/webservd/usr/share/filters/webservd-seccomp.policy b/webservd/usr/share/filters/webservd-seccomp.policy
index 9c4b55e..00a9ceb 100644
--- a/webservd/usr/share/filters/webservd-seccomp.policy
+++ b/webservd/usr/share/filters/webservd-seccomp.policy
@@ -22,19 +22,28 @@
clock_gettime: 1
close: 1
connect: 1
+creat: 1
dup: 1
epoll_create: 1
epoll_ctl: 1
epoll_wait: 1
exit_group: 1
+fcntl: 1
fcntl64: 1
+fstat: 1
fstat64: 1
futex: 1
+getdents: 1
getdents64: 1
+getegid: 1
getegid32: 1
+geteuid: 1
geteuid32: 1
+getgid: 1
getgid32: 1
+getresgid: 1
getresgid32: 1
+getresuid: 1
getresuid32: 1
# arm
ugetrlimit: 1
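Review bot: `creat: 1` is the only addition in this hunk that is not the native counterpart of a `*64`/`*32` name already in the policy, so it permits a file-creating syscall rather than mirroring an existing entry. Whether `open`/`openat` are already allowed is not visible here. If they are, the exposure is effectively unchanged, but the reason for the entry should still be recorded. I would put a comment above it, for example `# amd64: needed by <caller> (file creation)` with the real caller filled in, or drop the line if nothing on amd64 requires it.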
@@ -42,8 +51,10 @@
getsockname: 1
gettid: 1
gettimeofday: 1
+getuid: 1
getuid32: 1
listen: 1
+lstat: 1
lstat64: 1
mmap2: 1
mprotect: 1
@@ -63,14 +74,18 @@
rt_sigprocmask: 1
# arm
_newselect: 1
+select: 1
send: 1
sendmsg: 1
set_robust_list: 1
set_tid_address: 1
# arm
ARM_set_tls: 1
+setgroups: 1
setgroups32: 1
+setresgid: 1
setresgid32: 1
+setresuid: 1
setresuid32: 1
setsockopt: 1
shutdown: 1
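Review bot: `setgroups: 1`, `setresgid: 1` and `setresuid: 1` are added with no architecture label, although the `# arm` comments and the commit message indicate this same policy file is used on arm. If those names resolve on 32-bit arm, presumably to the legacy 16-bit-ID variants, the arm filter gains three more credential-changing entry points that it presumably did not need before. The `*32` forms are already allowed unconditionally, so this is a small widening rather than a new capability. I would still mark each added line with a comment such as `# amd64`, matching the existing `# arm` labels, so a later tightening pass can tell which entries belong to which arch.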
@@ -79,6 +94,7 @@
socket: arg0 == 0x1 || arg0 == 0xa || arg0 == 0x2
# socketpair: arg0 == PF_LOCAL
socketpair: arg0 == 0x1
+stat: 1
stat64: 1
tgkill: 1
uname: 1