From: Roy Marples <roy@marples.name>
Date: Mon, 21 Sep 2020 10:20:46 +0000 (+0100)
Subject: privsep: Allow __NR_mmap for seccomp
X-Git-Tag: v9.3.0~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6582a8a11e7ad99e2f0a935dd42879b03875a31;p=thirdparty%2Fdhcpcd.git

privsep: Allow __NR_mmap for seccomp

Some malloc implementations might use it rather than brk.
---

diff --git a/src/privsep-linux.c b/src/privsep-linux.c
index 3f0cb123..789c9d80 100644
--- a/src/privsep-linux.c
+++ b/src/privsep-linux.c
@@ -238,6 +238,9 @@ static struct sock_filter ps_seccomp_filter[] = {
 	/* SECCOMP BPF is newer than nl80211 so we don't need SIOCGIWESSID
 	 * which lives in the impossible to include linux/wireless.h header */
 #endif
+#ifdef __NR_mmap
+	SECCOMP_ALLOW(__NR_mmap),
+#endif
 #ifdef __NR_munmap
 	SECCOMP_ALLOW(__NR_munmap),
 #endif