commit 6f27d2595ae350dc6f9ce226d079370645dbff03
from: Omar Polo <op@omarpolo.com>
date: Sun Sep 26 20:00:38 2021 UTC

[seccomp] allow ioctl(FIONREAD)

it's needed by bufferevent_read

commit - 2a44a2ab6e380de2a13acc60309fa9bcb38fb64b
commit + 6f27d2595ae350dc6f9ce226d079370645dbff03
blob - 31d9f22b011b061133398e6353dca97b66d10a29
blob + 01cb34bbbb95be65f3243804047b409464f05454
--- sandbox.c
+++ sandbox.c
@@ -320,8 +320,10 @@ static struct sock_filter filter[] = {
 	SC_ALLOW(gettimeofday),
 #endif
 #ifdef __NR_ioctl
-	/* allow ioctl only on fd 1, glibc doing stuff? */
+	/* allow ioctl on fd 1, glibc doing stuff? */
         SC_ALLOW_ARG(__NR_ioctl, 0, 1),
+	/* allow FIONREAD needed by libevent */
+	SC_ALLOW_ARG(__NR_ioctl, 1, FIONREAD),
 #endif
 #ifdef __NR_lseek
 	SC_ALLOW(lseek),