From b9d81282e0dbfdae795b38c26879716d7860bcf9 Mon Sep 17 00:00:00 2001
From: Peter Gerber <pgerber@tocco.ch>
Date: Sun, 5 Jan 2020 15:48:54 +0100
Subject: Fix sandbox crash during reload of logging configuration

Allow calls to dup() which was introduced in commit a22fbab986.

From a security perspective, I don't think this should impact the
security of the sandbox significantly. As far as I can tell, there
is nothing an adversary can do with a duplicated FD that can't be
done with the original.
---
 src/lib/sandbox/sandbox.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/lib/sandbox')

diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index faaf463f29..7e6354d880 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -143,6 +143,7 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(clock_gettime),
     SCMP_SYS(close),
     SCMP_SYS(clone),
+    SCMP_SYS(dup),
     SCMP_SYS(epoll_create),
     SCMP_SYS(epoll_wait),
 #ifdef __NR_epoll_pwait
-- 
cgit v1.2.3-54-g00ecf