From: Darren Tucker <dtucker@dtucker.net>
Date: Sat, 14 Jan 2023 11:02:44 +0000 (+1100)
Subject: Allow writev is seccomp sandbox.
X-Git-Tag: V_9_2_P1~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6283f4bd83eee714d0f5fc55802eff836b06fea8;p=thirdparty%2Fopenssh-portable.git

Allow writev is seccomp sandbox.

This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
---

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index cec43c463..4ab49eb6e 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -312,6 +312,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_write
 	SC_ALLOW(__NR_write),
 #endif
+#ifdef __NR_writev
+	SC_ALLOW(__NR_writev),
+#endif
 #ifdef __NR_socketcall
 	SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN),
 	SC_DENY(__NR_socketcall, EACCES),