umdns: add missing syscalls to seccomp filter

Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due to changes on libraries used by umdns now using slightly different calls. Found using /etc/init.d/umdns trace now use umdns, ie. cover all ubus call etc., then /etc/init.d/umdns stop find list of syscalls traced in /tmp/umdns.*.json Fixes: FS#3355 ("UMDNS: does not start on master with seccomp") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 00a85a1634)
2021-04-10 17:30:49 +01:00 · 2021-04-10 17:30:49 +01:00 · 1a0afbd6f2
commit 1a0afbd6f2
parent 36ee555c5f
1 changed files with 30 additions and 27 deletions
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@ -3,41 +3,44 @@
 	"syscalls": [
 		{
 			"names": [
-				"read",
-				"write",
-				"writev",
-				"open",
-				"close",
-				"time",
-				"brk",
-				"ioctl",
-				"uname",
 				"bind",
+				"brk",
+				"clock_gettime",
+				"close",
 				"connect",
-				"getsockname",
-				"recvmsg",
-				"recvfrom",
-				"sendmsg",
-				"sendto",
-				"setsockopt",
-				"socket",
-				"pipe",
-				"poll",
-				"fcntl64",
-				"fstat",
 				"epoll_create",
 				"epoll_create1",
 				"epoll_ctl",
-				"epoll_wait",
 				"epoll_pwait",
-				"rt_sigaction",
-				"sigreturn",
-				"rt_sigreturn",
-				"rt_sigprocmask",
-				"exit_group",
+				"epoll_wait",
 				"exit",
+				"exit_group",
 				"fcntl",
-				"clock_gettime"
+				"fcntl64",
+				"fstat",
+				"getsockname",
+				"ioctl",
+				"open",
+				"openat",
+				"pipe",
+				"pipe2",
+				"poll",
+				"ppoll",
+				"read",
+				"recvfrom",
+				"recvmsg",
+				"rt_sigaction",
+				"rt_sigprocmask",
+				"rt_sigreturn",
+				"sendmsg",
+				"sendto",
+				"setsockopt",
+				"sigreturn",
+				"socket",
+				"time",
+				"uname",
+				"write",
+				"writev"
 			],
 			"action": "SCMP_ACT_ALLOW"
 		}