From 3a32f22b03b30961ee922ff864ee525fb75fd488 Mon Sep 17 00:00:00 2001
From: Matthew Clarkson <mclarkson@reliablecontrols.com>
Date: Thu, 19 Nov 2020 15:37:33 +0000
Subject: [PATCH] privsep: Allow ioctl TCGETS

printf on some platforms seems to require it.
Without this, script_dump() may fault.
---
 src/privsep-linux.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/privsep-linux.c b/src/privsep-linux.c
index ed391e7d..306eb249 100644
--- a/src/privsep-linux.c
+++ b/src/privsep-linux.c
@@ -257,6 +257,8 @@ static struct sock_filter ps_seccomp_filter[] = {
 	SECCOMP_ALLOW_ARG(__NR_ioctl, 1, SIOCGIFINDEX),
 	SECCOMP_ALLOW_ARG(__NR_ioctl, 1, SIOCGIFMTU),
 	SECCOMP_ALLOW_ARG(__NR_ioctl, 1, SIOCGIFVLAN),
+	/* printf on some platforms seems to use this ioctl */
+	SECCOMP_ALLOW_ARG(__NR_ioctl, 1, TCGETS),
 	/* SECCOMP BPF is newer than nl80211 so we don't need SIOCGIWESSID
 	 * which lives in the impossible to include linux/wireless.h header */
 #endif
-- 
2.47.3