seccomp sandbox: allow uname(3)

author Icenowy Zheng <uwu@icenowy.me>

Fri, 7 Nov 2025 06:27:35 +0000 (14:27 +0800)

committer Darren Tucker <dtucker@dtucker.net>

Thu, 13 Nov 2025 11:08:54 +0000 (22:08 +1100)
author Icenowy Zheng <uwu@icenowy.me>
Fri, 7 Nov 2025 06:27:35 +0000 (14:27 +0800)
committer Darren Tucker <dtucker@dtucker.net>
Thu, 13 Nov 2025 11:08:54 +0000 (22:08 +1100)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c

index a0692dd2f5bda3042bdc53f70c211df5a23982f6..b3da8d5877b1bbbe75c3b9046013f41327b10536 100644 (file)
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -435,6 +435,9 @@ static const struct sock_filter preauth_insns[] = {
  #ifdef __NR_getpeername
         SC_ALLOW(__NR_getpeername),
  #endif
+#ifdef __NR_uname
+       SC_ALLOW(__NR_uname),
+#endif
  #ifdef __NR_setsockopt
         SC_ALLOW_SETSOCKOPT(IPPROTO_IPV6, IPV6_TCLASS),
         SC_ALLOW_SETSOCKOPT(IPPROTO_IP, IP_TOS),
author	Icenowy Zheng <uwu@icenowy.me>
	Fri, 7 Nov 2025 06:27:35 +0000 (14:27 +0800)
committer	Darren Tucker <dtucker@dtucker.net>
	Thu, 13 Nov 2025 11:08:54 +0000 (22:08 +1100)