| Andrew Geissler | 97771a3 | 2021-03-05 15:23:11 -0600 | [diff] [blame] | 1 | From 7bc261076ec94efa3197beaca39eba095d162b5e Mon Sep 17 00:00:00 2001 |
| 2 | From: Yi Zhao <yi.zhao@windriver.com> |
| 3 | Date: Fri, 26 Feb 2021 16:32:27 +0800 |
| 4 | Subject: [PATCH] seccompsandbox.c: allow newfstatat and pselect6 syscalls in |
| 5 | the seccomp sandbox |
| 6 | |
| 7 | Allow newfstatat and pselect6 in the seccomp sanbox for glibc 2.33. |
| 8 | |
| 9 | Fixes the following OOPS error: |
| 10 | root@qemux86-64:~# tnftp 192.168.1.1 |
| 11 | Connected to 192.168.1.1. |
| 12 | 220 (vsFTPd 3.0.3) |
| 13 | Name (192.168.1.1:root): anonymous |
| 14 | 331 Please specify the password. |
| 15 | Password: |
| 16 | 230 Login successful. |
| 17 | Remote system type is UNIX. |
| 18 | Using binary mode to transfer files. |
| 19 | ftp> ls |
| 20 | OOPS: priv_sock_get_cmd |
| 21 | |
| 22 | Upstream-Status: Pending |
| 23 | |
| 24 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> |
| 25 | --- |
| 26 | seccompsandbox.c | 2 ++ |
| 27 | 1 file changed, 2 insertions(+) |
| 28 | |
| 29 | diff --git a/seccompsandbox.c b/seccompsandbox.c |
| 30 | index 377c50e..f601241 100644 |
| 31 | --- a/seccompsandbox.c |
| 32 | +++ b/seccompsandbox.c |
| 33 | @@ -267,6 +267,7 @@ seccomp_sandbox_setup_data_connections() |
| 34 | 3, IPPROTO_TCP); |
| 35 | allow_nr(__NR_bind); |
| 36 | allow_nr(__NR_select); |
| 37 | + allow_nr(__NR_pselect6); |
| 38 | if (tunable_port_enable) |
| 39 | { |
| 40 | allow_nr(__NR_connect); |
| 41 | @@ -411,6 +412,7 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) |
| 42 | allow_nr(__NR_getdents); |
| 43 | allow_nr(__NR_getdents64); |
| 44 | allow_nr(__NR_sysinfo); |
| 45 | + allow_nr(__NR_newfstatat); |
| 46 | /* Misc */ |
| 47 | allow_nr(__NR_umask); |
| 48 | |
| 49 | -- |
| 50 | 2.17.1 |
| 51 | |