seccomp: add mprotect to seccomp whitelist

author Patrick McLean <chutzpah@gentoo.org>

Sat, 3 Dec 2016 00:16:42 +0000 (16:16 -0800)

committer Patrick McLean <chutzpah@gentoo.org>

Sat, 3 Dec 2016 00:16:42 +0000 (16:16 -0800)
author Patrick McLean <chutzpah@gentoo.org>
Sat, 3 Dec 2016 00:16:42 +0000 (16:16 -0800)
committer Patrick McLean <chutzpah@gentoo.org>
Sat, 3 Dec 2016 00:16:42 +0000 (16:16 -0800)
diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c

index 4f9e6e60b31dac949524b9c793242c4167130dfc..97f42339787a1592716b9678c15462276d6f1d1d 100644 (file)
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -166,6 +166,7 @@ priv_seccomp_init(int remote, int child)
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(recvmsg), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(readv), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 0)) < 0 ||
             /* The following are for resolving addresses */
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0)) < 0 ||
author	Patrick McLean <chutzpah@gentoo.org>
	Sat, 3 Dec 2016 00:16:42 +0000 (16:16 -0800)
committer	Patrick McLean <chutzpah@gentoo.org>
	Sat, 3 Dec 2016 00:16:42 +0000 (16:16 -0800)