PVF worker: Add seccomp restrictions (restrict networking) (#2009)

2026-06-13 18:41:05 +00:00 · 2023-10-31 11:08:08 +01:00
parent 2d9426f1cc
commit 9faea380dc
27 changed files with 1376 additions and 714 deletions
@@ -24,10 +24,8 @@
 42 (connect)
 45 (recvfrom)
 46 (sendmsg)
-53 (socketpair)
 56 (clone)
 60 (exit)
-61 (wait4)
 62 (kill)
 72 (fcntl)
 79 (getcwd)
@@ -52,23 +50,16 @@
 200 (tkill)
 202 (futex)
 204 (sched_getaffinity)
-213 (epoll_create)
 217 (getdents64)
 218 (set_tid_address)
 228 (clock_gettime)
 230 (clock_nanosleep)
 231 (exit_group)
-232 (epoll_wait)
-233 (epoll_ctl)
 257 (openat)
 262 (newfstatat)
 263 (unlinkat)
 272 (unshare)
 273 (set_robust_list)
-281 (epoll_pwait)
-284 (eventfd)
-290 (eventfd2)
-291 (epoll_create1)
 302 (prlimit64)
 318 (getrandom)
 319 (memfd_create)