From f126b887814a831941ffc4d0aa4d5551826e216d Mon Sep 17 00:00:00 2001
From: dongresource <dongresource@protonmail.com>
Date: Sun, 4 Sep 2022 20:53:17 +0200
Subject: [PATCH] [seccomp] Whitelist newfstatat and fix a few #ifdefs

Some newer versions of either glibc or libsqlite3 seem to require this
syscall for the server to terminate properly.
---
 src/sandbox/seccomp.cpp | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/sandbox/seccomp.cpp b/src/sandbox/seccomp.cpp
index c179907..80f13ba 100644
--- a/src/sandbox/seccomp.cpp
+++ b/src/sandbox/seccomp.cpp
@@ -153,15 +153,18 @@ static sock_filter filter[] = {
     ALLOW_SYSCALL(read),
     ALLOW_SYSCALL(write),
     ALLOW_SYSCALL(close),
-#if __NR_stat
+#ifdef __NR_stat
     ALLOW_SYSCALL(stat),
 #endif
     ALLOW_SYSCALL(fstat),
+#ifdef __NR_newfstatat
+    ALLOW_SYSCALL(newfstatat),
+#endif
     ALLOW_SYSCALL(fsync), // maybe
-#if __NR_creat
+#ifdef __NR_creat
     ALLOW_SYSCALL(creat), // maybe; for DB journal
 #endif
-#if __NR_unlink
+#ifdef __NR_unlink
     ALLOW_SYSCALL(unlink), // for DB journal
 #endif
     ALLOW_SYSCALL(lseek), // musl-libc; alt DB
@@ -274,7 +277,7 @@ static sock_filter filter[] = {
 #endif
 
     // AArch64 (ARM64)
-#if __NR_unlinkat
+#ifdef __NR_unlinkat
     ALLOW_SYSCALL(unlinkat),
 #endif
 #ifdef __NR_fstatat64