-rwxr-xr-x | python/interpreter.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/python/interpreter.py b/python/interpreter.py
index 3439ae8..01c9d4d 100755
--- a/python/interpreter.py
+++ b/python/interpreter.py
@@ -25,14 +25,19 @@ f.add_rule(seccomp.ALLOW, "write", seccomp.Arg(0, seccomp.EQ, sys.stderr.fileno(
 # Needed for finding source code for exceptions.
 f.add_rule(seccomp.ALLOW, "stat")
 
-# Read-only open.
-f.add_rule(seccomp.ALLOW, "open", seccomp.Arg(1, seccomp.MASKED_EQ, 0x3, 0))
+f.add_rule(seccomp.ALLOW, "open", seccomp.Arg(1, seccomp.MASKED_EQ, 0x3, 0)) # O_RDONLY
 f.add_rule(seccomp.ALLOW, "close")
 f.add_rule(seccomp.ALLOW, "read")
 f.add_rule(seccomp.ALLOW, "fstat")
 f.add_rule(seccomp.ALLOW, "lseek")
 f.add_rule(seccomp.ALLOW, "fcntl")
 
+# Needed for help().
+f.add_rule(seccomp.ALLOW, "openat", seccomp.Arg(2, seccomp.MASKED_EQ, 0x3, 0)) # O_RDONLY
+f.add_rule(seccomp.ALLOW, "getdents")
+f.add_rule(seccomp.ALLOW, "getrlimit", seccomp.Arg(0, seccomp.EQ, 3)) # RLIMIT_STACK
+f.add_rule(seccomp.ALLOW, "getrlimit", seccomp.Arg(0, seccomp.EQ, 7)) # RLIMIT_NOFILE
+
 # Needed for code.InteractiveConsole.
 f.add_rule(seccomp.ALLOW, "access")
 f.add_rule(seccomp.ALLOW, "select")
|
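Review bot: The `# O_RDONLY` comments on the `open` rule and the new `openat` rule overstate what the filter enforces: `MASKED_EQ, 0x3, 0` compares only the access-mode bits, so a call that combines O_RDONLY with O_CREAT or O_TRUNC still matches and can create or truncate a file. Widening the mask closes that, e.g. `seccomp.Arg(2, seccomp.MASKED_EQ, os.O_ACCMODE | os.O_CREAT | os.O_TRUNC, os.O_RDONLY)` for `openat` and the same with argument index 1 for `open` (this assumes `os` is imported, which the hunk does not show). Separately, seccomp cannot inspect the path argument, so with `getdents` allowed the sandboxed code can enumerate and read whatever the process's uid can; a comment above the `# Needed for help().` group should name the layer (chroot, mount namespace, dedicated user) that is expected to bound that. The filter is created above the hunk, so its default action is not visible here.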