changeset 5468:a2d2d095088f draft

privsep: Allow more syscalls for seccomp

dumplease now works over the control socket and stdin.
author Roy Marples <roy@marples.name>
date Sun, 20 Sep 2020 19:44:23 +0100
parents 49e119831377
children f9a05c95d611
files src/privsep-linux.c
diffstat 1 files changed, 12 insertions(+), 0 deletions(-) [+]
--- a/src/privsep-linux.c	Sun Sep 20 19:24:26 2020 +0100
+++ b/src/privsep-linux.c	Sun Sep 20 19:44:23 2020 +0100
@@ -177,6 +177,9 @@
 	/* Allow syscalls */
 	BPF_STMT(BPF_LD + BPF_W + BPF_ABS,
 		offsetof(struct seccomp_data, nr)),
+#ifdef __NR_accept
+	SECCOMP_ALLOW(__NR_accept),
+#endif
 #ifdef __NR_brk
 	SECCOMP_ALLOW(__NR_brk),
 #endif
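Review bot: The `#ifdef __NR_accept` guard drops the entry silently on ABIs whose headers do not define that number, and there the C library typically reaches accept() through `accept4` or the multiplexed `socketcall`, so the control socket would still hit the filter's default action. If those are not already allowed elsewhere in the list (not visible in this hunk), add a matching entry: `#ifdef __NR_accept4`, `SECCOMP_ALLOW(__NR_accept4),`, `#endif`. The filter array begins and ends outside the hunk.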
@@ -192,6 +195,12 @@
 #ifdef __NR_close
 	SECCOMP_ALLOW(__NR_close),
 #endif
+#ifdef __NR_fcntl
+	SECCOMP_ALLOW(__NR_fcntl),
+#endif
+#ifdef __NR_fstat
+	SECCOMP_ALLOW(__NR_fstat),
+#endif
 #ifdef __NR_getpid
 	SECCOMP_ALLOW(__NR_getpid),
 #endif
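Review bot: `SECCOMP_ALLOW(__NR_fcntl)` appears to match on the syscall number alone, so every fcntl command (descriptor duplication, owner and signal settings, locks) becomes available to the sandboxed process, not just the ones the dumplease path uses. At minimum record the intent above the entry, e.g. `/* fcntl: needed by <caller> for <commands>; all commands are currently permitted */`, and if the filter macros allow it, compare `seccomp_data.args[1]` against the needed commands before allowing. Separately, some 32-bit ABIs and libc versions issue fstat() as `fstat64` or `newfstatat`, which `__NR_fstat` does not cover; whether those are listed elsewhere in the array is not visible here.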
@@ -234,6 +243,9 @@
 #ifdef __NR_shutdown
 	SECCOMP_ALLOW(__NR_shutdown),
 #endif
+#ifdef __NR_wait4
+	SECCOMP_ALLOW(__NR_wait4),
+#endif
 #ifdef __NR_write
 	SECCOMP_ALLOW(__NR_write),
 #endif
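Review bot: The commit message explains the control-socket and stdin paths but not why a sandboxed process needs to reap children, so `__NR_wait4` is the one addition a later auditor of this allowlist cannot justify from the record. Add a short comment above the entry, e.g. `/* wait4: <which code path waits on a child> */`, so the entry can be removed if that path goes away.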