Add some more syscalls to the ndhc permit filter. Netlink sockets were

broken before because of too-strict filters.

Move setup_signals under the seccomp filter to give it more testing coverage.

Make the UDP datagram length check much more strict.  If the read buffer
does not match up with the header lengths exactly, it is discarded.

Print a warning to syslog/stdout when ifchd execute_buffer() returns an
error.

Fix a regression introduced in ifchd that would cause the epoll handler to
spin when a client connection closed.

ndhc/dhcp.c

@@ -283,8 +283,10 @@ static int get_raw_packet(struct client_state_t *cs, struct dhcpmsg *payload)
         return -1;
     }
 
-    if (inc > ntohs(packet.ip.tot_len))
-        log_line("Discarded extra bytes after reading a single UDP datagram.");
+    if (inc != ntohs(packet.ip.tot_len)) {
+        log_line("UDP length does not match header length fields.");
+        return -2;
+    }
 
     if (!cs->using_dhcp_bpf && !get_raw_packet_validate_bpf(&packet))
         return -2;

ndhc/ndhc.c

@@ -125,12 +125,19 @@ static int enforce_seccomp(void)
         ALLOW_SYSCALL(read),
         ALLOW_SYSCALL(write),
         ALLOW_SYSCALL(close),
+        ALLOW_SYSCALL(recvmsg),
         ALLOW_SYSCALL(socket),
         ALLOW_SYSCALL(setsockopt),
         ALLOW_SYSCALL(fcntl),
         ALLOW_SYSCALL(bind),
         ALLOW_SYSCALL(open),
         ALLOW_SYSCALL(connect),
+        ALLOW_SYSCALL(getsockname),
+
+        // These are for 'write_leasefile()'
+        ALLOW_SYSCALL(ftruncate),
+        ALLOW_SYSCALL(lseek),
+        ALLOW_SYSCALL(fsync),
 
         // These are for 'background()'
         ALLOW_SYSCALL(socketpair),
@@ -230,11 +237,12 @@ static void do_work(void)
     cs.epollFd = epoll_create1(0);
     if (cs.epollFd == -1)
         suicide("epoll_create1 failed");
-    setup_signals(&cs);
 
     if (enforce_seccomp())
         log_line("seccomp filter cannot be installed");
 
+    setup_signals(&cs);
+
     epoll_add(&cs, cs.nlFd);
     set_listen_raw(&cs);
     nowts = curms();