v1.0.1: seccomp - add brk

author Patrick McLean <chutzpah@gentoo.org>

Mon, 27 Apr 2020 18:38:42 +0000 (20:38 +0200)

committer Lars Wendler <polynomial-c@gentoo.org>

Wed, 20 May 2020 07:20:33 +0000 (09:20 +0200)
author Patrick McLean <chutzpah@gentoo.org>
Mon, 27 Apr 2020 18:38:42 +0000 (20:38 +0200)
committer Lars Wendler <polynomial-c@gentoo.org>
Wed, 20 May 2020 07:20:33 +0000 (09:20 +0200)
diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c

index 19689fe258cd64a38fe5f88ed1d2e49800d8f557..d305856520261d5970a2ec44658b81ab3e8940d1 100644 (file)
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -163,6 +163,7 @@ priv_seccomp_init(int remote, int child)
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sendmmsg), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(wait4), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(brk), 0)) < 0 || /* brk needed for newer libc */
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpid), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0)) < 0 ||
author	Patrick McLean <chutzpah@gentoo.org>
	Mon, 27 Apr 2020 18:38:42 +0000 (20:38 +0200)
committer	Lars Wendler <polynomial-c@gentoo.org>
	Wed, 20 May 2020 07:20:33 +0000 (09:20 +0200)