[seccomp] Whitelist newfstatat and fix a few #ifdefs

Some newer versions of either glibc or libsqlite3 seem to require this
syscall for the server to terminate properly.
This commit is contained in:
dongresource 2022-09-04 20:53:17 +02:00
parent 2dbe2629c1
commit f126b88781

View File

@ -153,15 +153,18 @@ static sock_filter filter[] = {
ALLOW_SYSCALL(read),
ALLOW_SYSCALL(write),
ALLOW_SYSCALL(close),
#if __NR_stat
#ifdef __NR_stat
ALLOW_SYSCALL(stat),
#endif
ALLOW_SYSCALL(fstat),
#ifdef __NR_newfstatat
ALLOW_SYSCALL(newfstatat),
#endif
ALLOW_SYSCALL(fsync), // maybe
#if __NR_creat
#ifdef __NR_creat
ALLOW_SYSCALL(creat), // maybe; for DB journal
#endif
#if __NR_unlink
#ifdef __NR_unlink
ALLOW_SYSCALL(unlink), // for DB journal
#endif
ALLOW_SYSCALL(lseek), // musl-libc; alt DB
@ -274,7 +277,7 @@ static sock_filter filter[] = {
#endif
// AArch64 (ARM64)
#if __NR_unlinkat
#ifdef __NR_unlinkat
ALLOW_SYSCALL(unlinkat),
#endif
#ifdef __NR_fstatat64