* David Alan Gilbert:
> * Florian Weimer (fwei...@redhat.com) wrote:
>> * David Alan Gilbert:
>>
>> > +static const int syscall_whitelist[] = {
>> > + /* TODO ireg sem*() syscalls */
>> > + SCMP_SYS(brk),
>> > + SCMP_SYS(capget), /* For CAP_FSETID */
>> > + SCMP_SYS(capset),
>> > + SCMP_SYS(clock_gettime),
>>
>> > + SCMP_SYS(gettimeofday),
>>
>> Is this to suppose to work on 32-bit architectures? Then you need to
>> add the time64 system call variants as well.
>
> Trying SCMP_SYS(time64) gives me an error for an undefined __NR_time64
> on both 64 and 32 bit.
Sorry, time64 does not exist, Userspace is supposed to use
clock_gettime64 with CLOCK_REALTIME_COARSE.
I actually meant that you'll also need futex_time64, ppoll_time64,
recvmmsg_time64, utimensat_time64. (Based on cursory checking against
the permit list you posted.)
And for a port to 32-bit RISC-V, I think the 32-bit syscalls need to be
protected by #ifdef because new 32-bit architectures do not have them
anymore.
Thanks,
Florian
