From: Vincent Bernat <vincent@bernat.im>
Date: Thu, 16 Nov 2017 15:38:55 +0000 (+0100)
Subject: priv: also allow the use of openat for seccomp
X-Git-Tag: 0.9.9~4
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Flldpd.git;a=commitdiff_plain;h=2f8f95aad168adb9c35905176180c89930370148

priv: also allow the use of openat for seccomp
---

diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c
index 7d911bc0..fe48ad3e 100644
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -148,6 +148,7 @@ priv_seccomp_init(int remote, int child)
 	if ((rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0)) < 0 || /* write needed for */
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0)) < 0 ||
+	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0)) < 0 ||