chutzpah 14/07/08 18:34:25

Added: lldpd-0.7.9-seccomp-add-syscalls.patch

Log: Revision bump, add a patch to whitelist some more syscalls in seccomp and remove the pidfile patch.

(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0xE3F69979BB4B8928DA78E3D17CBF44EF)
Revision Changes Path 1.1 net-misc/lldpd/files/lldpd-0.7.9-seccomp-add-syscalls.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/lldpd/files/lldpd-0.7.9-seccomp-add-syscalls.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/lldpd/files/lldpd-0.7.9-seccomp-add-syscalls.patch?rev=1.1&content-type=text/plain Index: lldpd-0.7.9-seccomp-add-syscalls.patch =================================================================== diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c index 7eb49d6..c69d82a 100644 --- a/src/daemon/priv-seccomp.c +++ b/src/daemon/priv-seccomp.c @@ -160,6 +160,10 @@ priv_seccomp_init(int remote, int child) (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat), 0)) < 0 || (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0)) < 0 || (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0)) < 0 || + (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sendto), 0)) < 0 || + (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 0)) < 0 || + (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(recvmsg), 0)) < 0 || + (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(readv), 0)) < 0 || /* The following are for resolving addresses */ (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0)) < 0 || (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0)) < 0 ||
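Review bot: The four rules added in priv_seccomp_init() for sendto, poll, recvmsg and readv have no comment saying which code path needs them, while the group that follows is labelled "The following are for resolving addresses". Add a one-line comment in the same style that names the caller or library behaviour triggering these calls, so a later audit of the filter can tell whether each one is still required. Each rule is also added with an argument count of 0, which allows the syscall on any descriptor (and, for sendto, to any destination). If the filtered process only needs these calls on a descriptor that is known at this point, an argument comparison on the first argument would keep the allowlist narrower than a blanket SCMP_ACT_ALLOW.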
