From dfe596447b8701cee3541cea25c19b5fc7f9c64c Mon Sep 17 00:00:00 2001
From: dongresource
Date: Sat, 6 Nov 2021 21:07:13 +0100
Subject: [PATCH] Whitelist syscalls for 32-bit x86 Linux

Should probably filter the args to this for the sake of proper sandboxing.
---
 src/sandbox/seccomp.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/sandbox/seccomp.cpp b/src/sandbox/seccomp.cpp
index ff0a5c9..67f95ac 100644
--- a/src/sandbox/seccomp.cpp
+++ b/src/sandbox/seccomp.cpp
@@ -117,7 +117,9 @@ static sock_filter filter[] = {
 
 // networking
 ALLOW_SYSCALL(poll),
+#ifdef __NR_accept
 ALLOW_SYSCALL(accept),
+#endif
 ALLOW_SYSCALL(setsockopt),
 ALLOW_SYSCALL(sendto),
 ALLOW_SYSCALL(recvfrom),
@@ -131,6 +133,11 @@ static sock_filter filter[] = {
 #endif
 ALLOW_SYSCALL(rt_sigreturn),
 
+ // i386
+#ifdef __NR_socketcall
+ ALLOW_SYSCALL(socketcall),
+#endif
+
 // Raspberry Pi (ARM)
 #ifdef __NR_set_robust_list
 ALLOW_SYSCALL(set_robust_list),
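Review bot: The `ALLOW_SYSCALL(socketcall)` entry in the second hunk admits every socket operation on i386, because socketcall(2) multiplexes socket, bind, connect, listen and the rest through its first argument, while the list visible here names only individual calls such as accept, setsockopt, sendto and recvfrom. The commit message already notes that the arguments should be filtered; until that is done the i386 build has a wider network surface than the other targets. A dedicated rule could load `offsetof(struct seccomp_data, args[0])`, allow only the `SYS_*` call numbers from `<linux/net.h>` that match the already-whitelisted calls (for example `SYS_ACCEPT`, `SYS_SETSOCKOPT`, `SYS_SENDTO`, `SYS_RECVFROM`), and reload `nr` before the following entries, assuming those entries compare against the syscall number in the accumulator (the macro definition is outside the hunk). Only the call number can be checked this way, since the sub-call's own arguments sit behind a user pointer that seccomp BPF cannot dereference. At minimum the comment could read `// i386: socketcall multiplexes all socket ops; args[0] is not filtered yet`; the `filter[]` array starts and ends outside both hunks.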