[openwrt/openwrt] umdns: add missing syscalls to seccomp filter

LEDE Commits lede-commits at lists.infradead.org
Sat Apr 10 17:37:09 BST 2021 

dangole pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/00a85a163405fdf9bee4d8c3f0ee87ca9ed259d6

commit 00a85a163405fdf9bee4d8c3f0ee87ca9ed259d6
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Sat Apr 10 17:30:49 2021 +0100

    umdns: add missing syscalls to seccomp filter
    
    Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due
    to changes on libraries used by umdns now using slightly different
    calls.
    
    Found using
    /etc/init.d/umdns trace
    now use umdns, ie. cover all ubus call etc., then
    /etc/init.d/umdns stop
    find list of syscalls traced in /tmp/umdns.*.json
    
    Fixes: FS#3355 ("UMDNS: does not start on master with seccomp")
    Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
 package/network/services/umdns/files/umdns.json | 57 +++++++++++++------------
 1 file changed, 30 insertions(+), 27 deletions(-)

diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json
index 4d5ed886d0..5533b7c512 100644
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@@ -3,41 +3,44 @@
 	"syscalls": [
 		{
 			"names": [
-				"read",
-				"write",
-				"writev",
-				"open",
-				"close",
-				"time",
-				"brk",
-				"ioctl",
-				"uname",
 				"bind",
+				"brk",
+				"clock_gettime",
+				"close",
 				"connect",
-				"getsockname",
-				"recvmsg",
-				"recvfrom",
-				"sendmsg",
-				"sendto",
-				"setsockopt",
-				"socket",
-				"pipe",
-				"poll",
-				"fcntl64",
-				"fstat",
 				"epoll_create",
 				"epoll_create1",
 				"epoll_ctl",
-				"epoll_wait",
 				"epoll_pwait",
-				"rt_sigaction",
-				"sigreturn",
-				"rt_sigreturn",
-				"rt_sigprocmask",
-				"exit_group",
+				"epoll_wait",
 				"exit",
+				"exit_group",
 				"fcntl",
-				"clock_gettime"
+				"fcntl64",
+				"fstat",
+				"getsockname",
+				"ioctl",
+				"open",
+				"openat",
+				"pipe",
+				"pipe2",
+				"poll",
+				"ppoll",
+				"read",
+				"recvfrom",
+				"recvmsg",
+				"rt_sigaction",
+				"rt_sigprocmask",
+				"rt_sigreturn",
+				"sendmsg",
+				"sendto",
+				"setsockopt",
+				"sigreturn",
+				"socket",
+				"time",
+				"uname",
+				"write",
+				"writev"
 			],
 			"action": "SCMP_ACT_ALLOW"
 		}

More information about the lede-commits mailing list