commit d0e0be1e43e6628e6215e1803c7a2415dd58c9bd
from: Tobias Berger <tobi.berger13@gmail.com>
via: omar-polo <op@omarpolo.com>
date: Sun Feb 13 14:29:33 2022 UTC

Allow Arch-Armv7 syscalls in sandbox.c

commit - c6ae2561a0345a7bd98652b66d7237d8bb88db5e
commit + d0e0be1e43e6628e6215e1803c7a2415dd58c9bd
blob - 43f210de4b18322649f4363523377f93519c5dd2
blob + 2b5e9e04039d1ddb3fc19dbb3e4216777756f853
--- sandbox.c
+++ sandbox.c
@@ -343,6 +343,9 @@ static struct sock_filter filter[] = {
 #endif
 #ifdef __NR_newfstatat
 	SC_ALLOW(newfstatat),
+#endif
+#ifdef __NR_fstatat64
+	SC_ALLOW(fstatat64),
 #endif
 #ifdef __NR_oldfstat
 	SC_ALLOW(oldfstat),
@@ -383,6 +386,12 @@ static struct sock_filter filter[] = {
 #ifdef __NR_writev
 	SC_ALLOW(writev),
 #endif
+#ifdef __NR__llseek
+	SC_ALLOW(_llseek),
+#endif
+#ifdef __NR_sigreturn
+	SC_ALLOW(sigreturn),
+#endif
 
 	/* disallow everything else */
 	BPF_STMT(BPF_RET | BPF_K, SC_FAIL),