void-packages/srcpkgs/kcgi/patches/seccomp.patch

--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -89,7 +89,12 @@
 	/* Load the syscall number for checking. */
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
 		offsetof(struct seccomp_data, nr)),
+#ifdef __NR_open
 	SC_DENY(open, EACCES),
+#endif
+#ifdef __NR_openat
+	SC_DENY(openat, EACCES),
+#endif
 	SC_ALLOW(getpid),
 	SC_ALLOW(gettimeofday),
 	SC_ALLOW(clock_gettime),
@@ -121,12 +126,16 @@
 #ifdef __NR_ppoll
 	SC_ALLOW(ppoll),
 #endif
+#ifdef __NR_poll
 	SC_ALLOW(poll),
+#endif
 #ifdef __NR__newselect
 	SC_ALLOW(_newselect),
 #else
+#ifdef __NR_select
 	SC_ALLOW(select),
 #endif
+#endif
 	SC_ALLOW(madvise),
 #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
 	SC_ALLOW(mmap2),
@@ -159,7 +168,12 @@
 	/* Load the syscall number for checking. */
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
 		offsetof(struct seccomp_data, nr)),
+#ifdef __NR_open
 	SC_DENY(open, EACCES),
+#endif
+#ifdef __NR_openat
+	SC_DENY(openat, EACCES),
+#endif
 	SC_ALLOW(getpid),
 #ifdef __NR_getrandom
 	SC_ALLOW(getrandom),
@@ -184,11 +198,15 @@
 #ifdef __NR_ppoll
 	SC_ALLOW(ppoll),
 #endif
+#ifdef __NR_poll
 	SC_ALLOW(poll),
+#endif
 #ifdef __NR__newselect
 	SC_ALLOW(_newselect),
 #else
+#ifdef __NR_select
 	SC_ALLOW(select),
+#endif
 #endif
 	SC_ALLOW(madvise),
 #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -122,6 +122,9 @@
 #ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
 	SC_ALLOW(shutdown),
 #endif
+#ifdef __NR_socketcall
+	SC_ALLOW(socketcall),
+#endif
 	SC_ALLOW(brk),
 #ifdef __NR_ppoll
 	SC_ALLOW(ppoll),
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -193,6 +193,9 @@
 #ifdef __NR_newfstatat
 	SC_ALLOW(newfstatat), /* for kutil_openlog logging */
 #endif
+#ifdef __NR_fstat64
+	SC_ALLOW(fstat64), /* for kutil_openlog logging */
+#endif
 	SC_ALLOW(write),
 	SC_ALLOW(writev),
 	SC_ALLOW(close),