| 1234567891011121314151617181920212223242526272829 |
- From 78573ec1c43346064661169c5c8df32e7c3bd6d6 Mon Sep 17 00:00:00 2001
- From: Christos Zoulas <christos@zoulas.com>
- Date: Fri, 17 Jan 2020 17:12:58 +0000
- Subject: [PATCH] PR/130: tobias: adjust seccomp for ioctl on hardwired
- terminal
- ---
- src/seccomp.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
- diff --git a/src/seccomp.c b/src/seccomp.c
- index ebf3ea1cb..0ba17233b 100644
- --- a/src/seccomp.c
- +++ b/src/seccomp.c
- @@ -186,8 +186,12 @@ enable_sandbox_full(void)
- ALLOW_IOCTL_RULE(FIONREAD);
- #endif
- #ifdef TIOCGWINSZ
- - // musl libc may call ioctl TIOCGWINSZ when calling stdout
- + // musl libc may call ioctl TIOCGWINSZ on stdout
- ALLOW_IOCTL_RULE(TIOCGWINSZ);
- +#endif
- +#ifdef TCGETS
- + // glibc may call ioctl TCGETS on stdout on physical terminal
- + ALLOW_IOCTL_RULE(TCGETS);
- #endif
- ALLOW_RULE(lseek);
- ALLOW_RULE(_llseek);
|
