Include the waid syscalls. If we permit forking then we should also
permit waiting for a process.
Similar to that: also permit determining the usage counters for
processes.
Include calls to determine process/thread identity. They have little
impact security-wise, but are very likely used when process management
of any form is done.
Also, add rt_sigqueueinfo + rt_tgsigqueueinfo as they are similar to
kill() and friends, but permit passing along a userdata ptr.
"clone\0"
"execveat\0"
"fork\0"
+ "getpid\0"
+ "getppid\0"
+ "getrusage\0"
+ "gettid\0"
"kill\0"
"prctl\0"
+ "rt_sigqueueinfo\0"
+ "rt_tgsigqueueinfo\0"
"setns\0"
"tgkill\0"
+ "times\0"
"tkill\0"
"unshare\0"
"vfork\0"
+ "wait4\0"
+ "waitid\0"
+ "waitpid\0"
},
[SYSCALL_FILTER_SET_RAW_IO] = {
.name = "@raw-io",