# HG changeset patch
# User Roy Marples <roy@marples.name>
# Date 1600627463 -3600
# Node ID a2d2d095088f932ca1a2a02f43a05cbf5a5fad1c
# Parent  49e119831377e031397a022c3c8342deda72b38c
privsep: Allow more syscalls for seccomp

dumplease now works over the control socket and stdin.

diff -r 49e119831377 -r a2d2d095088f src/privsep-linux.c
--- a/src/privsep-linux.c	Sun Sep 20 19:24:26 2020 +0100
+++ b/src/privsep-linux.c	Sun Sep 20 19:44:23 2020 +0100
@@ -177,6 +177,9 @@
 	/* Allow syscalls */
 	BPF_STMT(BPF_LD + BPF_W + BPF_ABS,
 		offsetof(struct seccomp_data, nr)),
+#ifdef __NR_accept
+	SECCOMP_ALLOW(__NR_accept),
+#endif
 #ifdef __NR_brk
 	SECCOMP_ALLOW(__NR_brk),
 #endif
@@ -192,6 +195,12 @@
 #ifdef __NR_close
 	SECCOMP_ALLOW(__NR_close),
 #endif
+#ifdef __NR_fcntl
+	SECCOMP_ALLOW(__NR_fcntl),
+#endif
+#ifdef __NR_fstat
+	SECCOMP_ALLOW(__NR_fstat),
+#endif
 #ifdef __NR_getpid
 	SECCOMP_ALLOW(__NR_getpid),
 #endif
@@ -234,6 +243,9 @@
 #ifdef __NR_shutdown
 	SECCOMP_ALLOW(__NR_shutdown),
 #endif
+#ifdef __NR_wait4
+	SECCOMP_ALLOW(__NR_wait4),
+#endif
 #ifdef __NR_write
 	SECCOMP_ALLOW(__NR_write),
 #endif