From cab9162d8d92af9760f271a273b89e91bbf19382 Mon Sep 17 00:00:00 2001
From: "Nicholas J. Kain" <nicholas@kain.us>
Date: Mon, 7 Apr 2014 03:44:53 -0400
Subject: [PATCH] Remove socketpair from the seccomp syscall filter whitelist.

socketpair() is called only before privileges are dropped, so it does
not need to be in the whitelist.
---
 src/seccomp.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/seccomp.c b/src/seccomp.c
index f703ca5..ce87688 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -50,7 +50,6 @@ int enforce_seccomp_ndhc(void)
         ALLOW_SYSCALL(sendto), // used for glibc syslog routines
         ALLOW_SYSCALL(recvmsg),
         ALLOW_SYSCALL(connect),
-        ALLOW_SYSCALL(socketpair),
 #elif defined(__i386__)
         ALLOW_SYSCALL(socketcall),
 #else
@@ -121,7 +120,6 @@ int enforce_seccomp_ifch(void)
         ALLOW_SYSCALL(sendto), // used for glibc syslog routines
         ALLOW_SYSCALL(recvmsg),
         ALLOW_SYSCALL(socket),
-        ALLOW_SYSCALL(socketpair),
 #elif defined(__i386__)
         ALLOW_SYSCALL(socketcall),
 #else
@@ -181,7 +179,6 @@ int enforce_seccomp_sockd(void)
         ALLOW_SYSCALL(socket),
         ALLOW_SYSCALL(setsockopt),
         ALLOW_SYSCALL(bind),
-        ALLOW_SYSCALL(socketpair),
 #elif defined(__i386__)
         ALLOW_SYSCALL(socketcall),
         ALLOW_SYSCALL(fcntl64),