linux: add missing SECCOMP rules

author Benedikt Neuffer <benedikt.neuffer@kit.edu>

Sat, 27 Nov 2021 16:07:50 +0000 (17:07 +0100)

committer Vincent Bernat <vincent@bernat.ch>

Sat, 27 Nov 2021 16:24:47 +0000 (17:24 +0100)
author Benedikt Neuffer <benedikt.neuffer@kit.edu>
Sat, 27 Nov 2021 16:07:50 +0000 (17:07 +0100)
committer Vincent Bernat <vincent@bernat.ch>
Sat, 27 Nov 2021 16:24:47 +0000 (17:24 +0100)
diff --git a/NEWS b/NEWS

index dbb1b804b91b57932e02743f09d363723a035c39..6c1a9717ae2b758278f071a95b027df64c622a91 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+lldpd (1.0.14)
+ * Fix:
+   + Update seccomp rules for newer kernel/libc (#488)
+
  lldpd (1.0.13)
   * Fix:
     + Add support for 2.5G, 5G, 25G and 50G based Ethernet (#475)
diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c

index 6d2736afd515f8d591d06507d55c2d3d64d70e78..5608c5f05155d5c902a40d5923b0811b8d9efc2a 100644 (file)
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -176,6 +176,8 @@ priv_seccomp_init(int remote, int child)
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sendmmsg), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(gettimeofday), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(newfstatat), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(pread64), 0)) < 0 ||
             /* The following are for resolving addresses */
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0)) < 0 ||
author	Benedikt Neuffer <benedikt.neuffer@kit.edu>
	Sat, 27 Nov 2021 16:07:50 +0000 (17:07 +0100)
committer	Vincent Bernat <vincent@bernat.ch>
	Sat, 27 Nov 2021 16:24:47 +0000 (17:24 +0100)
NEWS		patch \| blob \| blame \| history
src/daemon/priv-seccomp.c		patch \| blob \| blame \| history