# HG changeset patch # User Roy Marples # Date 1600559627 -3600 # Node ID 4a1e66b07201f9d122ad11f0a3e757d6198a52ca # Parent f23587f4e8e264652cd9947e2aaf7a079f26a044 privsep: Avoid "unconfined" seccomp warnings Unsure why these are needed atm.... diff -r f23587f4e8e2 -r 4a1e66b07201 src/privsep-linux.c --- a/src/privsep-linux.c Sun Sep 20 00:43:36 2020 +0100 +++ b/src/privsep-linux.c Sun Sep 20 00:53:47 2020 +0100 @@ -243,6 +243,22 @@ #ifdef __NR_uname SECCOMP_ALLOW(__NR_uname), #endif + + /* Avoid unconfined dmesg warnings. + * XXX Why do we need these? */ +#ifdef __NR_exit_group + SECCOMP_ALLOW(__NR_exit_group), +#endif +#ifdef __NR_ftruncate + SECCOMP_ALLOW(__NR_ftruncate), +#endif +#ifdef __NR_munmap + SECCOMP_ALLOW(__NR_munmap), +#endif +#ifdef __NR_unlink + SECCOMP_ALLOW(__NR_unlink), +#endif + /* Deny everything else */ BPF_STMT(BPF_RET + BPF_K, SECCOMP_FILTER_FAIL), };