reworked seccomp filter

* SECCOMP_AUDIT_ARCH extended to support more architectures * relax fcntl policy: allow the syscall regardless of the flags * wrap every syscall in a ifdef, and add some (statx, fcntl64, ...) used in x86 Some bits were taken from dhcpcd[0], thanks! #4 related [0]: https://roy.marples.name/git/dhcpcd/blob/HEAD:/src/privsep-linux.c
author: Omar Polo <op@omarpolo.com> 2021-07-02 09:11:40 +0000
committer: Omar Polo <op@omarpolo.com> 2021-07-02 09:11:40 +0000
commit: 137def5ff4c0f9720391ca88191cf9fee6d8ae9a (patch)
tree: 0cf32e1cc12a480e2b3c51c65bd69d2fc6af95ec /ChangeLog
parent: 4f9a27603c096e6f6a10e0cd789fd1dd279d5853 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 46c9c1e..ec62a46 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2021-07-02  Omar Polo  <op@omarpolo.com>
+
+	* sandbox.c (filter): seccomp filter reworked: now it should work on x86 and possibly other arches too!
+
 2021-06-29  Omar Polo  <op@omarpolo.com>
 
 	* parse.y (conf): don't require the strict order macro > options > servers
author	Omar Polo <op@omarpolo.com>	2021-07-02 09:11:40 +0000
committer	Omar Polo <op@omarpolo.com>	2021-07-02 09:11:40 +0000
commit	137def5ff4c0f9720391ca88191cf9fee6d8ae9a (patch)
tree	0cf32e1cc12a480e2b3c51c65bd69d2fc6af95ec /ChangeLog
parent	4f9a27603c096e6f6a10e0cd789fd1dd279d5853 (diff)