[openwrt/openwrt] umdns: add missing syscalls to seccomp filter

LEDE Commits lede-commits at lists.infradead.org
Sun Apr 18 13:15:29 BST 2021 

hauke pushed a commit to openwrt/openwrt.git, branch openwrt-21.02:
https://git.openwrt.org/1a0afbd6f21fa44a57ce643dcc99dad654231855

commit 1a0afbd6f21fa44a57ce643dcc99dad654231855
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Sat Apr 10 17:30:49 2021 +0100

    umdns: add missing syscalls to seccomp filter
    
    Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due
    to changes on libraries used by umdns now using slightly different
    calls.
    
    Found using
    /etc/init.d/umdns trace
    now use umdns, ie. cover all ubus call etc., then
    /etc/init.d/umdns stop
    find list of syscalls traced in /tmp/umdns.*.json
    
    Fixes: FS#3355 ("UMDNS: does not start on master with seccomp")
    Signed-off-by: Daniel Golle <daniel at makrotopia.org>
    (cherry picked from commit 00a85a163405fdf9bee4d8c3f0ee87ca9ed259d6)
---
 package/network/services/umdns/files/umdns.json | 57 +++++++++++++------------
 1 file changed, 30 insertions(+), 27 deletions(-)

diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json
index 4d5ed886d0..5533b7c512 100644
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@@ -3,41 +3,44 @@
 	"syscalls": [
 		{
 			"names": [
-				"read",
-				"write",
-				"writev",
-				"open",
-				"close",
-				"time",
-				"brk",
-				"ioctl",
-				"uname",
 				"bind",
+				"brk",
+				"clock_gettime",
+				"close",
 				"connect",
-				"getsockname",
-				"recvmsg",
-				"recvfrom",
-				"sendmsg",
-				"sendto",
-				"setsockopt",
-				"socket",
-				"pipe",
-				"poll",
-				"fcntl64",
-				"fstat",
 				"epoll_create",
 				"epoll_create1",
 				"epoll_ctl",
-				"epoll_wait",
 				"epoll_pwait",
-				"rt_sigaction",
-				"sigreturn",
-				"rt_sigreturn",
-				"rt_sigprocmask",
-				"exit_group",
+				"epoll_wait",
 				"exit",
+				"exit_group",
 				"fcntl",
-				"clock_gettime"
+				"fcntl64",
+				"fstat",
+				"getsockname",
+				"ioctl",
+				"open",
+				"openat",
+				"pipe",
+				"pipe2",
+				"poll",
+				"ppoll",
+				"read",
+				"recvfrom",
+				"recvmsg",
+				"rt_sigaction",
+				"rt_sigprocmask",
+				"rt_sigreturn",
+				"sendmsg",
+				"sendto",
+				"setsockopt",
+				"sigreturn",
+				"socket",
+				"time",
+				"uname",
+				"write",
+				"writev"
 			],
 			"action": "SCMP_ACT_ALLOW"
 		}

More information about the lede-commits mailing list