priv: add getpid() to seccomp filter

author Vincent Bernat <vincent@bernat.im>

Wed, 13 Sep 2017 17:07:43 +0000 (19:07 +0200)

committer Vincent Bernat <vincent@bernat.im>

Wed, 13 Sep 2017 17:07:43 +0000 (19:07 +0200)
author Vincent Bernat <vincent@bernat.im>
Wed, 13 Sep 2017 17:07:43 +0000 (19:07 +0200)
committer Vincent Bernat <vincent@bernat.im>
Wed, 13 Sep 2017 17:07:43 +0000 (19:07 +0200)
diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c

index 1905236754ce07b0fcdc8dcbd42e7b9dfce92103..7d911bc02eb70752e2224858aa02558bd8eb526d 100644 (file)
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -161,6 +161,7 @@ priv_seccomp_init(int remote, int child)
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sendmmsg), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(wait4), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpid), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sendto), 0)) < 0 ||
author	Vincent Bernat <vincent@bernat.im>
	Wed, 13 Sep 2017 17:07:43 +0000 (19:07 +0200)
committer	Vincent Bernat <vincent@bernat.im>
	Wed, 13 Sep 2017 17:07:43 +0000 (19:07 +0200)