vsftpd/vsftpd-enable-sendto-for-prelogin-syslog.patch

Enable sendto for syslog logging to /dev/log in prelogin

We write to log from check_limits() and therefore we have to allow
sendto() for syslog otherwise sandbox will kill the child.

Index: vsftpd-3.0.2/seccompsandbox.c
===================================================================
--- vsftpd-3.0.2.orig/seccompsandbox.c
+++ vsftpd-3.0.2/seccompsandbox.c
@@ -388,6 +388,11 @@ seccomp_sandbox_setup_prelogin(const str
                        1, PF_FILE,
                        2, SOCK_DGRAM | SOCK_CLOEXEC,
                        3, 0);
+  // allow syslog logs from check_limits()
+  if (tunable_syslog_enable)
+  {
+    allow_nr_1_arg_match(__NR_sendto, 6, 0);
+  }
 
 }
Sync from SUSE:ALP:Source:Standard:1.0 vsftpd revision 2da05debc592f7936f2ab5233a1d8112 2023-12-22 13:21:38 +01:00			`Enable sendto for syslog logging to /dev/log in prelogin`

			`We write to log from check_limits() and therefore we have to allow`
			`sendto() for syslog otherwise sandbox will kill the child.`

			`Index: vsftpd-3.0.2/seccompsandbox.c`
			`===================================================================`
			`--- vsftpd-3.0.2.orig/seccompsandbox.c`
			`+++ vsftpd-3.0.2/seccompsandbox.c`
			`@@ -388,6 +388,11 @@ seccomp_sandbox_setup_prelogin(const str`
			`1, PF_FILE,`
			`2, SOCK_DGRAM \| SOCK_CLOEXEC,`
			`3, 0);`
			`+ // allow syslog logs from check_limits()`
			`+ if (tunable_syslog_enable)`
			`+ {`
			`+ allow_nr_1_arg_match(__NR_sendto, 6, 0);`
			`+ }`

			`}`