From: Roy Marples Date: Sat, 19 Sep 2020 23:53:47 +0000 (+0100) Subject: privsep: Avoid "unconfined" seccomp warnings X-Git-Tag: v9.3.0~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0d7fc60cd1db8ac57144e43cfd1cfed05e5adad;p=thirdparty%2Fdhcpcd.git privsep: Avoid "unconfined" seccomp warnings Unsure why these are needed atm....
---
diff --git a/src/privsep-linux.c b/src/privsep-linux.c
index 837ad281..ab844365 100644
--- a/src/privsep-linux.c
+++ b/src/privsep-linux.c
@@ -243,6 +243,22 @@ static struct sock_filter ps_seccomp_filter[] = {
 #ifdef __NR_uname
 SECCOMP_ALLOW(__NR_uname),
 #endif
+
+ /* Avoid unconfined dmesg warnings.
+ * XXX Why do we need these? */
+#ifdef __NR_exit_group
+ SECCOMP_ALLOW(__NR_exit_group),
+#endif
+#ifdef __NR_ftruncate
+ SECCOMP_ALLOW(__NR_ftruncate),
+#endif
+#ifdef __NR_munmap
+ SECCOMP_ALLOW(__NR_munmap),
+#endif
+#ifdef __NR_unlink
+ SECCOMP_ALLOW(__NR_unlink),
+#endif
+
 /* Deny everything else */
 BPF_STMT(BPF_RET + BPF_K, SECCOMP_FILTER_FAIL),
 };
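Review bot: The added `SECCOMP_ALLOW(__NR_unlink)` and `SECCOMP_ALLOW(__NR_ftruncate)` entries widen the sandbox with file-modifying syscalls whose caller is, per the `XXX` comment, not known, so the allowlist now permits more than the privsep processes are understood to need. `exit_group` and `munmap` are plausibly libc teardown, but the other two should be traced to a call site from the kernel audit record of the denied call, and the comment replaced by one that names it, e.g. `/* <caller>: removes <path> at exit */`. `#ifdef __NR_unlink` also silently drops the entry on architectures that provide only `unlinkat` (arm64, for example), so if the call is really needed the denial would persist there; whether `unlinkat` is allowed elsewhere in `ps_seccomp_filter` is not visible, since the array starts before this hunk.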