[seccomp] allow ioctl(FIONREAD)

it's needed by bufferevent_read
2021-09-26 20:00:38 +00:00 · 2021-09-26 20:00:38 +00:00 · 6f27d2595a
parent 2a44a2ab6e
commit 6f27d2595a
1 changed files with 3 additions and 1 deletions
--- a/sandbox.c
+++ b/sandbox.c
@ -320,8 +320,10 @@ static struct sock_filter filter[] = {
 	SC_ALLOW(gettimeofday),
 #endif
 #ifdef __NR_ioctl
-	/* allow ioctl only on fd 1, glibc doing stuff? */
+	/* allow ioctl on fd 1, glibc doing stuff? */
        SC_ALLOW_ARG(__NR_ioctl, 0, 1),
+	/* allow FIONREAD needed by libevent */
+	SC_ALLOW_ARG(__NR_ioctl, 1, FIONREAD),
 #endif
 #ifdef __NR_lseek
 	SC_ALLOW(lseek),