umdns: add missing syscalls to seccomp filter

Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due to changes on libraries used by umdns now using slightly different calls. Found using /etc/init.d/umdns trace now use umdns, ie. cover all ubus call etc., then /etc/init.d/umdns stop find list of syscalls traced in /tmp/umdns.*.json Fixes: FS#3355 ("UMDNS: does not start on master with seccomp") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2025-03-01 11:12:22 +00:00 · 2021-04-10 17:30:49 +01:00 · 2021-04-10 17:30:49 +01:00 · 00a85a1634
commit 00a85a1634
parent 734c3f7148
1 changed files with 30 additions and 27 deletions
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@ -3,41 +3,44 @@
 	"syscalls": [
 		{
 			"names": [
-				"read",
-				"write",
-				"writev",
-				"open",
-				"close",
-				"time",
-				"brk",
-				"ioctl",
-				"uname",
 				"bind",
+				"brk",
+				"clock_gettime",
+				"close",
 				"connect",
-				"getsockname",
-				"recvmsg",
-				"recvfrom",
-				"sendmsg",
-				"sendto",
-				"setsockopt",
-				"socket",
-				"pipe",
-				"poll",
-				"fcntl64",
-				"fstat",
 				"epoll_create",
 				"epoll_create1",
 				"epoll_ctl",
-				"epoll_wait",
 				"epoll_pwait",
-				"rt_sigaction",
-				"sigreturn",
-				"rt_sigreturn",
-				"rt_sigprocmask",
-				"exit_group",
+				"epoll_wait",
 				"exit",
+				"exit_group",
 				"fcntl",
-				"clock_gettime"
+				"fcntl64",
+				"fstat",
+				"getsockname",
+				"ioctl",
+				"open",
+				"openat",
+				"pipe",
+				"pipe2",
+				"poll",
+				"ppoll",
+				"read",
+				"recvfrom",
+				"recvmsg",
+				"rt_sigaction",
+				"rt_sigprocmask",
+				"rt_sigreturn",
+				"sendmsg",
+				"sendto",
+				"setsockopt",
+				"sigreturn",
+				"socket",
+				"time",
+				"uname",
+				"write",
+				"writev"
 			],
 			"action": "SCMP_ACT_ALLOW"
 		}