|
|
@@ -181,8 +181,23 @@ sb_time(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
|
|
|
static int
|
|
|
sb_accept4(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
|
|
|
{
|
|
|
- return seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketcall), 1,
|
|
|
- SCMP_CMP(0, SCMP_CMP_EQ, 18));
|
|
|
+ int rc = 0;
|
|
|
+
|
|
|
+#ifdef __i386__
|
|
|
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketcall), 1,
|
|
|
+ SCMP_CMP(0, SCMP_CMP_EQ, 18));
|
|
|
+ if (rc) {
|
|
|
+ return rc;
|
|
|
+ }
|
|
|
+#endif
|
|
|
+
|
|
|
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(accept4), 1,
|
|
|
+ SCMP_CMP(3, SCMP_CMP_EQ, SOCK_CLOEXEC));
|
|
|
+ if (rc) {
|
|
|
+ return rc;
|
|
|
+ }
|
|
|
+
|
|
|
+ return 0;
|
|
|
}
|
|
|
|
|
|
#ifdef __NR_mmap2
|
Cristian Toader