From: Patrick McLean <chutzpah@gentoo.org>
Date: Mon, 27 Apr 2020 18:38:42 +0000 (+0200)
Subject: v1.0.1: seccomp - add brk
X-Git-Tag: 1.0.6~19^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=546bf8fe865dc9c1d188b3a8cf426d68dc34a436;p=thirdparty%2Flldpd.git

v1.0.1: seccomp - add brk

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
---

diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c
index 19689fe2..d3058565 100644
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -163,6 +163,7 @@ priv_seccomp_init(int remote, int child)
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sendmmsg), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(wait4), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat), 0)) < 0 ||
+	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(brk), 0)) < 0 || /* brk needed for newer libc */
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpid), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0)) < 0 ||
 	    (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0)) < 0 ||