From 771822da1a08b03ae013d2ae6b8a00d7f4eb685c Mon Sep 17 00:00:00 2001 From: Michael Santos Date: Tue, 16 Aug 2022 07:26:48 -0400 Subject: [PATCH] 0.14.3: seccomp: add syscalls Add syscalls for Ubuntu 22.04. --- src/restrict_process_seccomp.c | 22 +++++++++++++++++----- src/xmppipe.h | 2 +- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/src/restrict_process_seccomp.c b/src/restrict_process_seccomp.c index 5462a6c..8a91239 100644 --- a/src/restrict_process_seccomp.c +++ b/src/restrict_process_seccomp.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, Michael Santos +/* Copyright (c) 2017-2022, Michael Santos * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -48,7 +48,7 @@ offsetof(struct seccomp_data, args[(_arg_nr)])), \ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (_arg_val), 0, 1), \ BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW), /* reload syscall number; \ - all rules expect it in \ + all rules expect it in \ accumulator */ \ BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, nr)) @@ -164,6 +164,9 @@ int restrict_process_init(xmppipe_state_t *state) { #ifdef __NR_newfstatat SC_ALLOW(newfstatat), #endif +#ifdef __NR_getdents64 + SC_ALLOW(getdents64), +#endif /* uuid */ #ifdef __NR_gettimeofday @@ -200,13 +203,13 @@ int restrict_process_init(xmppipe_state_t *state) { #ifdef __NR_fstat64 SC_ALLOW(fstat64), #endif -#ifdef __NR_getrandom - SC_ALLOW(getrandom), -#endif #ifdef __NR_getppid SC_ALLOW(getppid), #endif +#ifdef __NR_getrandom + SC_ALLOW(getrandom), +#endif #ifdef __NR_gettid SC_ALLOW(gettid), #endif 
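Review bot: The `SC_ALLOW(getdents64)` entry added to the allow-list in restrict_process_init (the `@@ -164,6 +164,9 @@` hunk) has no comment saying which library call needs it, and the commit message only says "Ubuntu 22.04". An undocumented seccomp allow-list entry is hard to audit or trim later, so I would add a comment above the `#ifdef`, for example `/* getdents64: needed by <caller: placeholder> on Ubuntu 22.04 */`. The same applies to the three entries added in the restrict_process_stdin hunk. restrict_process_init's body starts and ends outside this hunk, so the grouping around the new entry is only partly visible.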
@@ -379,10 +382,19 @@ int restrict_process_stdin(xmppipe_state_t *state) { #ifdef __NR_fstat64 SC_ALLOW(fstat64), #endif +#ifdef __NR_newfstatat + SC_ALLOW(newfstatat), +#endif +#ifdef __NR_getdents64 + SC_ALLOW(getdents64), +#endif #ifdef __NR_getppid SC_ALLOW(getppid), #endif +#ifdef __NR_getrandom + SC_ALLOW(getrandom), +#endif #ifdef __NR_gettid SC_ALLOW(gettid), #endif diff --git a/src/xmppipe.h b/src/xmppipe.h index a17738a..d4460f0 100644 --- a/src/xmppipe.h +++ b/src/xmppipe.h @@ -27,7 +27,7 @@ #include "strtonum.h" #endif -#define XMPPIPE_VERSION "0.14.2" +#define XMPPIPE_VERSION "0.14.3" #define XMPPIPE_RESOURCE "xmppipe" #define XMPPIPE_STREQ(a, b) (strcmp((a), (b)) == 0)
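Review bot: `newfstatat` and `getdents64` are allowed without argument constraints in the restrict_process_stdin filter, so after this change the sandboxed process can stat by path and read entries from any directory descriptor it holds. If `newfstatat` is here only because newer glibc routes fstat() through it (my understanding, not stated in the commit), that is a reasonable trade. For `getdents64`, it is worth confirming under strace that it is actually reached in this phase, and dropping `SC_ALLOW(getdents64)` from this filter if it is only needed during init. Whether open/openat are permitted in this filter is outside the hunk, so how far these two calls can reach is not visible here.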