umdns: add missing syscalls to seccomp filter

Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due
to changes on libraries used by umdns now using slightly different
calls.

Found using
/etc/init.d/umdns trace
now use umdns, ie. cover all ubus call etc., then
/etc/init.d/umdns stop
find list of syscalls traced in /tmp/umdns.*.json

Fixes: FS#3355 ("UMDNS: does not start on master with seccomp")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json
index 4d5ed886d0dc3badf0f4844d49b15cdf7bf03edd..5533b7c5121ae9be2ccf45934e0e7e3d1174e9c8 100644 (file)
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@@ -3,41 +3,44 @@
        "syscalls": [
                {
                        "names": [
-                               "read",
-                               "write",
-                               "writev",
-                               "open",
-                               "close",
-                               "time",
-                               "brk",
-                               "ioctl",
-                               "uname",
                                "bind",
+                               "brk",
+                               "clock_gettime",
+                               "close",
                                "connect",
-                               "getsockname",
-                               "recvmsg",
-                               "recvfrom",
-                               "sendmsg",
-                               "sendto",
-                               "setsockopt",
-                               "socket",
-                               "pipe",
-                               "poll",
-                               "fcntl64",
-                               "fstat",
                                "epoll_create",
                                "epoll_create1",
                                "epoll_ctl",
-                               "epoll_wait",
                                "epoll_pwait",
-                               "rt_sigaction",
-                               "sigreturn",
-                               "rt_sigreturn",
-                               "rt_sigprocmask",
-                               "exit_group",
+                               "epoll_wait",
                                "exit",
+                               "exit_group",
                                "fcntl",
-                               "clock_gettime"
+                               "fcntl64",
+                               "fstat",
+                               "getsockname",
+                               "ioctl",
+                               "open",
+                               "openat",
+                               "pipe",
+                               "pipe2",
+                               "poll",
+                               "ppoll",
+                               "read",
+                               "recvfrom",
+                               "recvmsg",
+                               "rt_sigaction",
+                               "rt_sigprocmask",
+                               "rt_sigreturn",
+                               "sendmsg",
+                               "sendto",
+                               "setsockopt",
+                               "sigreturn",
+                               "socket",
+                               "time",
+                               "uname",
+                               "write",
+                               "writev"
                        ],
                        "action": "SCMP_ACT_ALLOW"
                }