privsep: Allow getsockopt for SO_RCVBUF on Linux

author Roy Marples <roy@marples.name>

Sat, 12 Dec 2020 17:35:45 +0000 (17:35 +0000)

committer Roy Marples <roy@marples.name>

Sat, 12 Dec 2020 17:35:45 +0000 (17:35 +0000)
author Roy Marples <roy@marples.name>
Sat, 12 Dec 2020 17:35:45 +0000 (17:35 +0000)
committer Roy Marples <roy@marples.name>
Sat, 12 Dec 2020 17:35:45 +0000 (17:35 +0000)
diff --git a/src/privsep-linux.c b/src/privsep-linux.c

index 1fbe97fa09fbb79e247805a3d6069eb9a02bd8e0..050a30cf1dbabd8f06719e0d36f8d5a0dfd48262 100644 (file)
--- a/src/privsep-linux.c
+++ b/src/privsep-linux.c
@@ -28,6 +28,7 @@
  
  #include <sys/ioctl.h>
  #include <sys/prctl.h>
+#include <sys/socket.h>
  #include <sys/syscall.h>
  #include <sys/termios.h>       /* For TCGETS */
  
@@ -252,6 +253,11 @@ static struct sock_filter ps_seccomp_filter[] = {
  #ifdef __NR_getpid
         SECCOMP_ALLOW(__NR_getpid),
  #endif
+#ifdef __NR_getsockopt
+       /* For route socket overflow */
+       SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET),
+       SECCOMP_ALLOW_ARG(__NR_getsockopt, 2, SO_RCVBUF),
+#endif
  #ifdef __NR_ioctl
         SECCOMP_ALLOW_ARG(__NR_ioctl, 1, SIOCGIFFLAGS),
         SECCOMP_ALLOW_ARG(__NR_ioctl, 1, SIOCGIFHWADDR),
author	Roy Marples <roy@marples.name>
	Sat, 12 Dec 2020 17:35:45 +0000 (17:35 +0000)
committer	Roy Marples <roy@marples.name>
	Sat, 12 Dec 2020 17:35:45 +0000 (17:35 +0000)