Merge pull request #107 from Duncaen/seccomp-i386

allow some missing syscalls for i386 with glibc
kristapsdz · Nov 20, 2023 · a456dec · a456dec
2 parents 3dff486 + 3f41e39
commit a456dec
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
@@ -102,6 +102,9 @@ static const struct sock_filter preauth_ctrl[] = {
 #endif
 #ifdef __NR_accept /* not defined for __i386__ (linux) */
 	SC_ALLOW(accept),
+#endif
+#ifdef __NR_socketcall /* used for accept on __i386__ (linux) */
+	SC_ALLOW(socketcall),
 #endif
 	SC_ALLOW(fcntl),
 #ifdef __NR_fcntl64 /* only noted on arm */
@@ -190,6 +193,9 @@ static const struct sock_filter preauth_work[] = {
 	SC_ALLOW(fstat), /* for kutil_openlog logging */
 #ifdef __NR_newfstatat
 	SC_ALLOW(newfstatat), /* for kutil_openlog logging */
+#endif
+#ifdef __NR_statx
+	SC_ALLOW(statx), /* for kutil_openlog logging */
 #endif
 	SC_ALLOW(write),
 	SC_ALLOW(writev),