From 6f27d2595ae350dc6f9ce226d079370645dbff03 Mon Sep 17 00:00:00 2001
From: Omar Polo <op@omarpolo.com>
Date: Sun, 26 Sep 2021 20:00:38 +0000
Subject: [PATCH] [seccomp] allow ioctl(FIONREAD)

it's needed by bufferevent_read
---
 sandbox.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sandbox.c b/sandbox.c
index 31d9f22..01cb34b 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -320,8 +320,10 @@ static struct sock_filter filter[] = {
 	SC_ALLOW(gettimeofday),
 #endif
 #ifdef __NR_ioctl
-	/* allow ioctl only on fd 1, glibc doing stuff? */
+	/* allow ioctl on fd 1, glibc doing stuff? */
         SC_ALLOW_ARG(__NR_ioctl, 0, 1),
+	/* allow FIONREAD needed by libevent */
+	SC_ALLOW_ARG(__NR_ioctl, 1, FIONREAD),
 #endif
 #ifdef __NR_lseek
 	SC_ALLOW(lseek),