lib: allow syscall get_mempolicy in default seccomp filter

This syscall is required by an upcoming version of btcpayserver.
Because it is generally safe, we can allow it for all services.
Erik Arvstedt 2021-12-30 16:28:48 +01:00 committed by Jonas Nick
parent a2c01e5a56
commit 53a9f136b9
GPG Key ID: 4861DBF262123605


@ -33,7 +33,7 @@ let self = {
# @system-service whitelist and docker seccomp blacklist (except for "clone"
# which is a core requirement for systemd services)
# @system-service is defined in src/shared/seccomp-util.c (systemd source)
SystemCallFilter = [ "@system-service" "~add_key clone3 get_mempolicy kcmp keyctl mbind move_pages name_to_handle_at personality process_vm_readv process_vm_writev request_key set_mempolicy setns unshare userfaultfd" ];
SystemCallFilter = [ "@system-service" "~add_key clone3 kcmp keyctl mbind move_pages name_to_handle_at personality process_vm_readv process_vm_writev request_key set_mempolicy setns unshare userfaultfd" ];
SystemCallArchitectures = "native";
};
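Review bot: The comment above `SystemCallFilter` still names "clone" as the only exception to the docker seccomp blacklist, but once `get_mempolicy` is dropped from the `~` deny list it becomes a second exception, so the comment no longer describes the filter. I would extend it with a line such as `# Also excepted: "get_mempolicy" (query-only, required by btcpayserver)`. That keeps the reason for each deliberate deviation next to the list, where someone auditing the filter will look for it. The related `mbind`, `set_mempolicy` and `move_pages` remain denied, which looks intentional since they change memory policy rather than read it. The enclosing `let self = {` block starts and ends outside the hunk.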