1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
From: Leigh Brown <leigh@solinno.co.uk>
Date: Wed, 13 Mar 2019 17:56:08 +0100
Subject: [PATCH] sys_linux: allow recv and send in seccomp filter
The lack of these two system calls has been problematic for the armv5tel
architecture. Other architectures might also be affected.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924494
Forwarded: https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2019/03/msg00000.html
Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=79db0b7eca3ffff1b6c6a86cf1a342a40cc76d2f
---
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -504,8 +504,8 @@ SYS_Linux_EnableSystemCallFilter(int lev
SCMP_SYS(stat64), SCMP_SYS(statfs), SCMP_SYS(statfs64), SCMP_SYS(unlink),
/* Socket */
SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt),
- SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg),
- SCMP_SYS(sendmmsg), SCMP_SYS(sendmsg), SCMP_SYS(sendto),
+ SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg),
+ SCMP_SYS(send), SCMP_SYS(sendmmsg), SCMP_SYS(sendmsg), SCMP_SYS(sendto),
/* TODO: check socketcall arguments */
SCMP_SYS(socketcall),
/* General I/O */
|
