Allow the dup syscall, it is used on glibc systems when GeoIP lookups are enabled. - logswan - Fast Web log analyzer using probabilistic data structures

commit fe0e62147b7a590fc9bb7c30ab3904e71f10eb41
parent ab8c47458e3df759a864062f3bd61f73f0fc1dca
Author: Frederic Cambus <fred@statdns.com>
Date:   Wed, 23 Oct 2019 22:16:31 +0200

Allow the dup syscall, it is used on glibc systems when GeoIP lookups are enabled.

Diffstat:
M src/seccomp.h  | 2 ++

1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/seccomp.h b/src/seccomp.h
@@ -25,6 +25,8 @@ static struct sock_filter filter[] = {
 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_close, 0, 1),
 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
+	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_dup, 0, 1),
+	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_exit_group, 0, 1),
 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_fcntl, 0, 1),

	logswan Fast Web log analyzer using probabilistic data structures
	Log \| Files \| Refs \| README \| LICENSE