From 100a3839b0b84c36e06ac00d993879799bee908e Mon Sep 17 00:00:00 2001
From: Roy Marples
Date: Sun, 20 Sep 2020 19:44:23 +0100
Subject: [PATCH] privsep: Allow more syscalls for seccomp

dumplease now works over the control socket and stdin.
---
 src/privsep-linux.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/privsep-linux.c b/src/privsep-linux.c
index ab844365..eefca262 100644
--- a/src/privsep-linux.c
+++ b/src/privsep-linux.c
@@ -177,6 +177,9 @@ static struct sock_filter ps_seccomp_filter[] = {
 /* Allow syscalls */
 BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, nr)),
+#ifdef __NR_accept
+ SECCOMP_ALLOW(__NR_accept),
+#endif
 #ifdef __NR_brk
 SECCOMP_ALLOW(__NR_brk),
 #endif
@@ -192,6 +195,12 @@ static struct sock_filter ps_seccomp_filter[] = {
 #ifdef __NR_close
 SECCOMP_ALLOW(__NR_close),
 #endif
+#ifdef __NR_fcntl
+ SECCOMP_ALLOW(__NR_fcntl),
+#endif
+#ifdef __NR_fstat
+ SECCOMP_ALLOW(__NR_fstat),
+#endif
 #ifdef __NR_getpid
 SECCOMP_ALLOW(__NR_getpid),
 #endif
@@ -234,6 +243,9 @@ static struct sock_filter ps_seccomp_filter[] = {
 #ifdef __NR_shutdown
 SECCOMP_ALLOW(__NR_shutdown),
 #endif
+#ifdef __NR_wait4
+ SECCOMP_ALLOW(__NR_wait4),
+#endif
 #ifdef __NR_write
 SECCOMP_ALLOW(__NR_write),
 #endif
-- 
2.47.2
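Review bot: The new `__NR_accept` entry, like `__NR_fcntl` and `__NR_fstat` in the second hunk, covers only one spelling of a call that libc may issue under a different syscall number, so the `#ifdef` can compile to nothing or allow a number that is never used. On some architectures and libc builds `accept()` is issued as `accept4` or through `socketcall`, and 32-bit targets commonly use `fcntl64`/`fstat64`; whether that applies to the targets built here cannot be told from this diff. Where it does, the sandboxed process would hit the filter's default action as soon as the control socket is used, so it is worth confirming per architecture and adding the sibling in the same guarded form, e.g. `#ifdef __NR_accept4` / `SECCOMP_ALLOW(__NR_accept4),` / `#endif`. The `ps_seccomp_filter[]` initializer starts and ends outside the hunk.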
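Review bot: `SECCOMP_ALLOW(__NR_fcntl)` permits every fcntl command on every descriptor the process holds, because the filter shown loads only `seccomp_data.nr` and the macro (defined outside this diff) presumably matches on the number alone. If the dumplease path only needs to query or set descriptor flags, record that above the entry, for example `/* fcntl: descriptor flag handling on the control socket and stdin (dumplease) */` with the wording confirmed against the caller, so a later audit can tell what the allowance is for. A stricter filter would also compare `args[1]` against the commands actually used, but that needs a different macro and is beyond this hunk.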
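Review bot: The `__NR_wait4` entry has no stated reason: the commit message ties the change to dumplease over the control socket and stdin, which plausibly accounts for accept, fcntl and fstat but not for reaping a child. A one-line comment such as `/* wait4: <code path that reaps the child> */` above the entry would record which caller needs it. Every entry in this allowlist stays reachable to a compromised privsep process, so the justification belongs next to the entry rather than only in the commit log. The initializer continues past the end of the hunk.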