privsep: Allow more syscalls for seccomp
authorRoy Marples <roy@marples.name>
Sun, 20 Sep 2020 18:44:23 +0000 (19:44 +0100)
committerRoy Marples <roy@marples.name>
Sun, 20 Sep 2020 18:44:23 +0000 (19:44 +0100)
dumplease now works over the control socket and stdin.

src/privsep-linux.c

index ab844365d7e5649a7490654ac1e1f00574351c55..eefca262f997cff35c0c4ed941094b6dd870984d 100644 (file)
@@ -177,6 +177,9 @@ static struct sock_filter ps_seccomp_filter[] = {
        /* Allow syscalls */
        BPF_STMT(BPF_LD + BPF_W + BPF_ABS,
                offsetof(struct seccomp_data, nr)),
+#ifdef __NR_accept
+       SECCOMP_ALLOW(__NR_accept),
+#endif
 #ifdef __NR_brk
        SECCOMP_ALLOW(__NR_brk),
 #endif
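Review bot: Nothing in the filter records why `accept` (and, in the later hunks, `fcntl`, `fstat` and `wait4`) is now permitted; the only rationale is the commit message's mention of dumplease. Each entry widens what a compromised privsep process can ask of the kernel, so someone auditing the allowlist later needs the reason next to the entry. A short comment above each addition would do, for example `/* dumplease: accept connections on the control socket */` here, with the wording confirmed by the author since the call path is not visible in the hunk. `ps_seccomp_filter[]` begins and ends outside the shown lines.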
@@ -192,6 +195,12 @@ static struct sock_filter ps_seccomp_filter[] = {
 #ifdef __NR_close
        SECCOMP_ALLOW(__NR_close),
 #endif
+#ifdef __NR_fcntl
+       SECCOMP_ALLOW(__NR_fcntl),
+#endif
+#ifdef __NR_fstat
+       SECCOMP_ALLOW(__NR_fstat),
+#endif
 #ifdef __NR_getpid
        SECCOMP_ALLOW(__NR_getpid),
 #endif
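Review bot: The `SECCOMP_ALLOW(__NR_fcntl)` entry appears to match on the syscall number alone, so every fcntl command is permitted rather than only those the dumplease path uses; `SECCOMP_ALLOW` is defined outside the hunk, so this is inferred from its single argument. If only a few commands are needed, comparing `args[1]` of `struct seccomp_data` before allowing would keep the sandbox tighter. Separately, on 32-bit ABIs libc commonly issues `fcntl64` and `fstat64` (or `newfstatat`/`statx`) instead, and `accept()` in the first hunk may be implemented via `accept4`. In those cases the `#ifdef` guards compile but the call actually made could still be denied; whether those numbers are listed elsewhere in the array is not visible here.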
@@ -234,6 +243,9 @@ static struct sock_filter ps_seccomp_filter[] = {
 #ifdef __NR_shutdown
        SECCOMP_ALLOW(__NR_shutdown),
 #endif
+#ifdef __NR_wait4
+       SECCOMP_ALLOW(__NR_wait4),
+#endif
 #ifdef __NR_write
        SECCOMP_ALLOW(__NR_write),
 #endif