 | From 78573ec1c43346064661169c5c8df32e7c3bd6d6 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Fri, 17 Jan 2020 17:12:58 +0000
Subject: [PATCH] PR/130: tobias: adjust seccomp for ioctl on hardwired
 terminal
---
 src/seccomp.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/seccomp.c b/src/seccomp.c
index ebf3ea1cb..0ba17233b 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -186,8 +186,12 @@ enable_sandbox_full(void)
 	ALLOW_IOCTL_RULE(FIONREAD);
 #endif
 #ifdef TIOCGWINSZ
-	// musl libc may call ioctl TIOCGWINSZ when calling stdout
+	// musl libc may call ioctl TIOCGWINSZ on stdout
 	ALLOW_IOCTL_RULE(TIOCGWINSZ);
+#endif
+#ifdef TCGETS
+	// glibc may call ioctl TCGETS on stdout on physical terminal
+	ALLOW_IOCTL_RULE(TCGETS);
 #endif
 	ALLOW_RULE(lseek);
  	ALLOW_RULE(_llseek);
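Review bot: The comment on the new TCGETS rule says "on stdout", but nothing in this hunk shows that `ALLOW_IOCTL_RULE(TCGETS)` is limited to file descriptor 1. If the macro, which is defined outside the hunk, filters only on the ioctl request number, the allowance applies to every descriptor the sandboxed process holds, and the comment should say so. TCGETS only reads terminal attributes, so the added surface looks small, but the reason it is acceptable belongs next to the rule, for example `// glibc stdio may probe stdout with ioctl TCGETS (read-only termios query) when it is a terminal; rule matches the request, not the fd`. The body of enable_sandbox_full starts and ends outside the hunk, so the fd scope should be confirmed against the macro definition.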