sys_linux: allow ioctl(TCGETS2) in seccomp filter
authorMiroslav Lichvar <mlichvar@redhat.com>
Tue, 21 Oct 2025 12:06:38 +0000 (14:06 +0200)
committerMiroslav Lichvar <mlichvar@redhat.com>
Tue, 21 Oct 2025 12:22:08 +0000 (14:22 +0200)
Add TCGETS2 to the list of allowed ioctls. It seems to be called by the
latest glibc version from isatty(), which is called from libpcsclite
used by gnutls in an NTS-KE session.

Include the linux termios header instead of glibc header to get a usable
definition of TCGETS2.

sys_linux.c

index ca5540f2b54885ba2cb34875498b20a7c48e2e37..e20e459d8d6768e3cf6082b0af165b4a53777f62 100644 (file)
@@ -48,7 +48,7 @@
 #ifdef FEAT_SCFILTER
 #include <sys/prctl.h>
 #include <seccomp.h>
-#include <termios.h>
+#include <linux/termios.h>
 #ifdef FEAT_PPS
 #include <linux/pps.h>
 #endif
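Review bot: The switch from `<termios.h>` to `<linux/termios.h>` carries no comment in the code, so the reason exists only in the commit message and a later include cleanup could revert it. A one-line comment above the include would prevent that, for example `/* Kernel header instead of glibc <termios.h>: provides a usable TCGETS2 definition */`. The kernel and glibc headers both declare terminal structures, so it is worth confirming that nothing else included under FEAT_SCFILTER pulls in the glibc header indirectly. If it did, this would probably surface as redefinition errors with some libc versions.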
@@ -615,7 +615,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
   const static int fcntls[] = { F_GETFD, F_SETFD, F_GETFL, F_SETFL };
 
   const static unsigned long ioctls[] = {
-    FIONREAD, TCGETS, TIOCGWINSZ,
+    FIONREAD, TCGETS, TCGETS2, TIOCGWINSZ,
 #if defined(FEAT_PHC) || defined(HAVE_LINUX_TIMESTAMPING)
     PTP_EXTTS_REQUEST, PTP_SYS_OFFSET,
 #ifdef PTP_PIN_SETFUNC
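Review bot: `TCGETS2` is added to `ioctls[]` unconditionally, whereas the optional PTP entry just below is guarded with `#ifdef PTP_PIN_SETFUNC`. If a supported architecture or an older kernel header set does not define `TCGETS2`, the build with the filter enabled would fail. Wrapping the entry as `#ifdef TCGETS2` / `TCGETS2,` / `#endif` would keep it portable. A short comment naming the caller that needs it, such as `/* TCGETS2: isatty() in recent glibc */`, would also help later audits of the allowlist. The array initializer and SYS_Linux_EnableSystemCallFilter continue outside the hunk.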