From b7237dd61a1618e39c97f937d0a6700680eed14d Mon Sep 17 00:00:00 2001
From: Daniel Golle
Date: Sat, 10 Apr 2021 17:30:49 +0100
Subject: [PATCH] umdns: add missing syscalls to seccomp filter

Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due to changes on libraries used by umdns now using slightly different calls. Found using /etc/init.d/umdns trace now use umdns, ie. cover all ubus call etc., then /etc/init.d/umdns stop find list of syscalls traced in /tmp/umdns.*.json
Fixes: FS#3355 ("UMDNS: does not start on master with seccomp")
Signed-off-by: Daniel Golle
---
 package/network/services/umdns/Makefile | 2 +-
 .../network/services/umdns/files/umdns.json | 51 +++++++++++--------
 2 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/package/network/services/umdns/Makefile b/package/network/services/umdns/Makefile
index 108d872868..8dd3bfe22c 100644
--- a/package/network/services/umdns/Makefile
+++ b/package/network/services/umdns/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=umdns
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json
index dca00b99ff..a4b75c29f4 100644
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@@ -1,34 +1,43 @@
 {
 "whitelist": [
- "read",
- "write",
- "writev",
- "open",
- "close",
- "time",
- "brk",
- "ioctl",
- "uname",
 "bind",
+ "brk",
+ "clock_gettime",
+ "close",
 "connect",
+ "epoll_create",
+ "epoll_create1",
+ "epoll_ctl",
+ "epoll_pwait",
+ "epoll_wait",
+ "exit",
+ "exit_group",
+ "fcntl",
+ "fcntl64",
+ "fstat",
 "getsockname",
+ "ioctl",
+ "open",
+ "openat",
+ "pipe",
+ "pipe2",
+ "poll",
+ "ppoll",
+ "read",
+ "recvfrom",
 "recvmsg",
+ "rt_sigaction",
+ "rt_sigprocmask",
+ "rt_sigreturn",
 "sendmsg",
 "sendto",
 "setsockopt",
- "socket",
- "poll",
- "fcntl64",
- "fstat",
- "epoll_create",
- "epoll_ctl",
- "epoll_wait",
- "rt_sigaction",
 "sigreturn",
- "rt_sigreturn",
- "exit_group",
- "exit",
- "clock_gettime"
+ "socket",
+ "time",
+ "uname",
+ "write",
+ "writev"
 ],
 "policy": 1
 }
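Review bot: The description names three syscalls (`openat`, `pipe2`, `ppoll`), but the new allowlist in this hunk gains nine entries — `epoll_create1`, `epoll_pwait`, `fcntl`, `pipe`, `recvfrom` and `rt_sigprocmask` are added as well — and the alphabetical re-sort in the same change hides that widening from anyone reading the diff. Every entry here enlarges what a compromised umdns process may call, so each addition should be named and justified in the commit message, with the re-sort ideally split into its own commit. The list is derived from a trace of one run on one target, so architecture-specific variants may still be missing (`fcntl`/`fcntl64` are now paired, but `fstat` has no `fstat64`-style counterpart, for instance); tracing on both a 32-bit and a 64-bit target would confirm. JSON has no comment syntax, so the rationale belongs in the commit message or the package documentation.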