[seccomp] allow ioctl(FIONREAD)

it's needed by bufferevent_read
author: Omar Polo <op@omarpolo.com> 2021-09-26 20:00:38 +0000
committer: Omar Polo <op@omarpolo.com> 2021-09-26 20:00:38 +0000
commit: 6f27d2595ae350dc6f9ce226d079370645dbff03 (patch)
tree: cb6d314dc1e79324c02c2f9d691b7a64eed82d2e /sandbox.c
parent: 2a44a2ab6e380de2a13acc60309fa9bcb38fb64b (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/sandbox.c b/sandbox.c
index 31d9f22..01cb34b 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -320,8 +320,10 @@ static struct sock_filter filter[] = {
 	SC_ALLOW(gettimeofday),
 #endif
 #ifdef __NR_ioctl
-	/* allow ioctl only on fd 1, glibc doing stuff? */
+	/* allow ioctl on fd 1, glibc doing stuff? */
         SC_ALLOW_ARG(__NR_ioctl, 0, 1),
+	/* allow FIONREAD needed by libevent */
+	SC_ALLOW_ARG(__NR_ioctl, 1, FIONREAD),
 #endif
 #ifdef __NR_lseek
 	SC_ALLOW(lseek),
author	Omar Polo <op@omarpolo.com>	2021-09-26 20:00:38 +0000
committer	Omar Polo <op@omarpolo.com>	2021-09-26 20:00:38 +0000
commit	6f27d2595ae350dc6f9ce226d079370645dbff03 (patch)
tree	cb6d314dc1e79324c02c2f9d691b7a64eed82d2e /sandbox.c
parent	2a44a2ab6e380de2a13acc60309fa9bcb38fb64b (diff)