From: Patrick McLean <chutzpah@gentoo.org>
Date: Sat, 3 Dec 2016 00:16:42 +0000 (-0800)
Subject: seccomp: add mprotect to seccomp whitelist
X-Git-Tag: 0.9.6~22^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc74ca8d4b03c517d044e7c92d2af6f75ecb69df;p=thirdparty%2Flldpd.git

seccomp: add mprotect to seccomp whitelist
---

diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c
index 4f9e6e60..97f42339 100644
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -166,6 +166,7 @@ priv_seccomp_init(int remote, int child)
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(recvmsg), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(readv), 0)) < 0 ||
+	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 0)) < 0 ||
 	    /* The following are for resolving addresses */
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0)) < 0 ||