From f5572ef1daf21d20f4a7d261884291c0acddd947 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Mon, 23 Oct 2017 00:35:15 +0200
Subject: seccomp: Add missing syscalls for ppc64el, i386, and others

These are a few overlooked syscalls. Also add readv(), writev(),
renameat2(), and statx() in case libc uses them.

Gbp-Dch: ignore
---
 methods/aptmethod.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index d5d426914..ea75f4848 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -160,6 +160,7 @@ protected:
       ALLOW(msync);
       ALLOW(munmap);
       ALLOW(newfstatat);
+      ALLOW(_newselect);
       ALLOW(oldfstat);
       ALLOW(oldlstat);
       ALLOW(oldolduname);
@@ -175,8 +176,10 @@ protected:
       ALLOW(prlimit64);
       ALLOW(pselect6);
       ALLOW(read);
+      ALLOW(readv);
       ALLOW(rename);
       ALLOW(renameat);
+      ALLOW(renameat2);
       ALLOW(rt_sigaction);
       ALLOW(rt_sigpending);
       ALLOW(rt_sigprocmask);
@@ -193,7 +196,10 @@ protected:
       ALLOW(sigreturn);
       ALLOW(sigsuspend);
       ALLOW(stat);
+      ALLOW(stat64);
       ALLOW(statfs);
+      ALLOW(statfs64);
+      ALLOW(statx);
       ALLOW(sync);
       ALLOW(syscall);
       ALLOW(time);
@@ -208,6 +214,7 @@ protected:
       ALLOW(utimensat);
       ALLOW(utimes);
       ALLOW(write);
+      ALLOW(writev);
 
       if ((SeccompFlags & Seccomp::NETWORK) != 0)
       {
@@ -217,12 +224,16 @@ protected:
 	 ALLOW(getsockopt);
 	 ALLOW(recv);
 	 ALLOW(recvfrom);
+	 ALLOW(recvmmsg);
 	 ALLOW(recvmsg);
 	 ALLOW(send);
+	 ALLOW(sendmmsg);
 	 ALLOW(sendmsg);
 	 ALLOW(sendto);
 	 ALLOW(setsockopt);
+	 ALLOW(shutdown);
 	 ALLOW(socket);
+	 ALLOW(socketcall);
       }
 
       if ((SeccompFlags & Seccomp::DIRECTORY) != 0)
-- 
cgit v1.2.3