diff options
author | Thomas Habets <thomas@habets.se> | 2022-03-06 15:23:05 +0000 |
---|---|---|
committer | Thomas Habets <thomas@habets.se> | 2022-03-06 15:32:00 +0000 |
commit | 9e59a0a3116b46830c64e2b080ffb14175a13030 (patch) | |
tree | 9ceadcf971eb7fb754bae50f67e15fcb953b513e | |
parent | 89292eae4fce7a07379e02b1bae1f20defb15e69 (diff) | |
download | arping-9e59a0a3116b46830c64e2b080ffb14175a13030.tar.gz |
seccomp: Add newfstatat to whitelist
-rw-r--r-- | src/arping.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/arping.c b/src/arping.c index dbfb18a..be6e151 100644 --- a/src/arping.c +++ b/src/arping.c @@ -479,8 +479,10 @@ drop_privileges(const char* drop_group) static void seccomp_allow(scmp_filter_ctx ctx, const char* name) { if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, seccomp_syscall_resolve_name(name), 0)) { - perror("seccomp_rule_add_exact()"); - exit(1); + if (verbose) { + fprintf(stderr, "arping: seccomp_rule_add_exact(%s): %s", + name, strerror(errno)); + } } } @@ -524,6 +526,7 @@ static void drop_seccomp(int libnet_fd) // Other. seccomp_allow(ctx, "select"); seccomp_allow(ctx, "pselect6"); + seccomp_allow(ctx, "newfstatat"); seccomp_allow(ctx, "exit_group"); seccomp_allow(ctx, "rt_sigreturn"); |