From 4c52accd6212ae1f929a1814b7a5db7338bf1c8b Mon Sep 17 00:00:00 2001
From: "Nicholas J. Kain"
Date: Wed, 8 May 2013 08:10:57 -0400
Subject: [PATCH] Fix the syscall whitelist to permit syscalls needed to properly log via glibc syslog.
---
 ifchd/ifchd.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/ifchd/ifchd.c b/ifchd/ifchd.c
index 5274279..1f7c3ff 100644
--- a/ifchd/ifchd.c
+++ b/ifchd/ifchd.c
@@ -118,13 +118,17 @@ static int enforce_seccomp(void)
 ALLOW_SYSCALL(sendto), // used for glibc syslog routines
 ALLOW_SYSCALL(epoll_wait),
 ALLOW_SYSCALL(epoll_ctl),
- ALLOW_SYSCALL(clock_gettime),
 ALLOW_SYSCALL(close),
- ALLOW_SYSCALL(socket),
- ALLOW_SYSCALL(getsockopt),
 ALLOW_SYSCALL(accept),
- ALLOW_SYSCALL(listen),
+ ALLOW_SYSCALL(socket),
 ALLOW_SYSCALL(ioctl),
+ ALLOW_SYSCALL(getsockopt),
+ ALLOW_SYSCALL(getsockname),
+ ALLOW_SYSCALL(listen),
+ ALLOW_SYSCALL(open),
+ ALLOW_SYSCALL(fstat),
+ ALLOW_SYSCALL(connect),
+ ALLOW_SYSCALL(recvmsg),
 ALLOW_SYSCALL(fsync),
 ALLOW_SYSCALL(lseek),
 ALLOW_SYSCALL(truncate),
@@ -141,6 +145,7 @@ static int enforce_seccomp(void)
 ALLOW_SYSCALL(getcpu),
 ALLOW_SYSCALL(time),
 ALLOW_SYSCALL(gettimeofday),
+ ALLOW_SYSCALL(clock_gettime),
 ALLOW_SYSCALL(exit_group),
 ALLOW_SYSCALL(exit),
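Review bot: The five entries that are actually new in the first hunk (`getsockname`, `open`, `fstat`, `connect`, `recvmsg`) carry no justification comment, unlike `sendto`, so a later reader cannot tell which exist only for glibc syslog and which the daemon needs itself. `open` and `connect` widen what the process can do once the filter is installed, and nothing visible restricts their arguments. I would tag each one, e.g. `ALLOW_SYSCALL(connect), // glibc syslog: connect to the log socket`, if that is its purpose. If some are needed only on syslog's first use, calling `openlog()` with `LOG_NDELAY` before `enforce_seccomp()` may let them stay out of the list, though glibc can reopen its log socket later, so that needs testing. The filter array and the rest of `enforce_seccomp()` lie outside the hunk, so whether `ALLOW_SYSCALL` can express argument constraints is not visible here.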