22 lines
683 B
Diff
22 lines
683 B
Diff
Enable sendto for syslog logging to /dev/log in prelogin
|
|
|
|
We write to log from check_limits() and therefore we have to allow
|
|
sendto() for syslog otherwise sandbox will kill the child.
|
|
|
|
Index: vsftpd-3.0.2/seccompsandbox.c
|
|
===================================================================
|
|
--- vsftpd-3.0.2.orig/seccompsandbox.c
|
|
+++ vsftpd-3.0.2/seccompsandbox.c
|
|
@@ -388,6 +388,11 @@ seccomp_sandbox_setup_prelogin(const str
|
|
1, PF_FILE,
|
|
2, SOCK_DGRAM | SOCK_CLOEXEC,
|
|
3, 0);
|
|
+ // allow syslog logs from check_limits()
|
|
+ if (tunable_syslog_enable)
|
|
+ {
|
|
+ allow_nr_1_arg_match(__NR_sendto, 6, 0);
|
|
+ }
|
|
|
|
}
|
|
|