blob: 4d098b2231c7dd1b3ab2aac9bef3d1ac812d078d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 23b40b643..d93a357c6 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -257,6 +257,15 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_statx
SC_DENY(__NR_statx, EACCES),
#endif
+#ifdef __NR_shmget
+ SC_DENY(__NR_shmget, EACCES),
+#endif
+#ifdef __NR_shmat
+ SC_DENY(__NR_shmat, EACCES),
+#endif
+#ifdef __NR_shmdt
+ SC_DENY(__NR_shmdt, EACCES),
+#endif
/* Syscalls to permit */
#ifdef __NR_brk
|