base-linux: let seccomp permit 'read'

This is needed for using the 'wait_for_continue' debug mechanism. Fixes #3798
2020-07-03 11:56:19 +02:00
parent 0e6c32f75e
commit 0310c733d5
4 changed files with 3 additions and 0 deletions
--- a/tool/seccomp/seccomp_bpf_compiler.h
+++ b/tool/seccomp/seccomp_bpf_compiler.h
@@ -99,6 +99,9 @@ class Filter
 			_add_allow_rule(SCMP_SYS(fstat));
 			_add_allow_rule(SCMP_SYS(fstat64));

+			/* This syscall is used by the 'wait_for_continue' debug mechanism. */
+			_add_allow_rule(SCMP_SYS(read));
+
 			/* This syscall is used to wait for a condition. This should be safe. */
 			_add_allow_rule(SCMP_SYS(futex));