lldpd: whitelist sendto, poll, recvmsg and readv in seccomp sandbox

author Patrick McLean <chutzpah@gentoo.org>

Tue, 8 Jul 2014 18:40:15 +0000 (11:40 -0700)

committer Patrick McLean <chutzpah@gentoo.org>

Tue, 8 Jul 2014 18:45:02 +0000 (11:45 -0700)
author Patrick McLean <chutzpah@gentoo.org>
Tue, 8 Jul 2014 18:40:15 +0000 (11:40 -0700)
committer Patrick McLean <chutzpah@gentoo.org>
Tue, 8 Jul 2014 18:45:02 +0000 (11:45 -0700)
diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c

index 7eb49d6fff438723780e7dfd012b181eba37c866..c69d82a34db9c2c25b12167f33690db54656ffa5 100644 (file)
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -160,6 +160,10 @@ priv_seccomp_init(int remote, int child)
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sendto), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(recvmsg), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(readv), 0)) < 0 ||
             /* The following are for resolving addresses */
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0)) < 0 ||
author	Patrick McLean <chutzpah@gentoo.org>
	Tue, 8 Jul 2014 18:40:15 +0000 (11:40 -0700)
committer	Patrick McLean <chutzpah@gentoo.org>
	Tue, 8 Jul 2014 18:45:02 +0000 (11:45 -0700)