From 00a85a163405fdf9bee4d8c3f0ee87ca9ed259d6 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sat, 10 Apr 2021 17:30:49 +0100 Subject: [PATCH] umdns: add missing syscalls to seccomp filter Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due to changes on libraries used by umdns now using slightly different calls. Found using /etc/init.d/umdns trace now use umdns, ie. cover all ubus call etc., then /etc/init.d/umdns stop find list of syscalls traced in /tmp/umdns.*.json Fixes: FS#3355 ("UMDNS: does not start on master with seccomp") Signed-off-by: Daniel Golle --- .../network/services/umdns/files/umdns.json | 57 ++++++++++--------- 1 file changed, 30 insertions(+), 27 deletions(-) diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json index 4d5ed886d0..5533b7c512 100644 --- a/package/network/services/umdns/files/umdns.json +++ b/package/network/services/umdns/files/umdns.json @@ -3,41 +3,44 @@ "syscalls": [ { "names": [ - "read", - "write", - "writev", - "open", - "close", - "time", - "brk", - "ioctl", - "uname", "bind", + "brk", + "clock_gettime", + "close", "connect", - "getsockname", - "recvmsg", - "recvfrom", - "sendmsg", - "sendto", - "setsockopt", - "socket", - "pipe", - "poll", - "fcntl64", - "fstat", "epoll_create", "epoll_create1", "epoll_ctl", - "epoll_wait", "epoll_pwait", - "rt_sigaction", - "sigreturn", - "rt_sigreturn", - "rt_sigprocmask", - "exit_group", + "epoll_wait", "exit", + "exit_group", "fcntl", - "clock_gettime" + "fcntl64", + "fstat", + "getsockname", + "ioctl", + "open", + "openat", + "pipe", + "pipe2", + "poll", + "ppoll", + "read", + "recvfrom", + "recvmsg", + "rt_sigaction", + "rt_sigprocmask", + "rt_sigreturn", + "sendmsg", + "sendto", + "setsockopt", + "sigreturn", + "socket", + "time", + "uname", + "write", + "writev" ], "action": "SCMP_ACT_ALLOW" } -- 2.30.2