sys_linux: allow BINDTODEVICE option in seccomp filter

author Miroslav Lichvar <mlichvar@redhat.com>

Thu, 29 Apr 2021 10:35:49 +0000 (12:35 +0200)

committer Miroslav Lichvar <mlichvar@redhat.com>

Thu, 29 Apr 2021 10:37:26 +0000 (12:37 +0200)
author Miroslav Lichvar <mlichvar@redhat.com>
Thu, 29 Apr 2021 10:35:49 +0000 (12:35 +0200)
committer Miroslav Lichvar <mlichvar@redhat.com>
Thu, 29 Apr 2021 10:37:26 +0000 (12:37 +0200)
diff --git a/sys_linux.c b/sys_linux.c

index a33887f8544cc0290699ff54e0323411512c289e..be5d44d1d8942eaee8c4c3e7ce6b5178ae68151c 100644 (file)
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -624,6 +624,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
      { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND }, { SOL_IP, IP_TOS },
  #ifdef FEAT_IPV6
      { SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO },
+#endif
+#ifdef SO_BINDTODEVICE
+    { SOL_SOCKET, SO_BINDTODEVICE },
  #endif
      { SOL_SOCKET, SO_BROADCAST }, { SOL_SOCKET, SO_REUSEADDR },
  #ifdef SO_REUSEPORT
author	Miroslav Lichvar <mlichvar@redhat.com>
	Thu, 29 Apr 2021 10:35:49 +0000 (12:35 +0200)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Thu, 29 Apr 2021 10:37:26 +0000 (12:37 +0200)