umdns: add missing syscalls to seccomp filter

Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due
to changes on libraries used by umdns now using slightly different
calls.

Found using
/etc/init.d/umdns trace
now use umdns, ie. cover all ubus call etc., then
/etc/init.d/umdns stop
find list of syscalls traced in /tmp/umdns.*.json

Fixes: FS#3355 ("UMDNS: does not start on master with seccomp")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 00a85a163405fdf9bee4d8c3f0ee87ca9ed259d6)

1 files changed, 30 insertions, 27 deletions

diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json
index 4d5ed886d0..5533b7c512 100644
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@@ -3,41 +3,44 @@
 	"syscalls": [
 		{
 			"names": [
-				"read",
-				"write",
-				"writev",
-				"open",
-				"close",
-				"time",
-				"brk",
-				"ioctl",
-				"uname",
 				"bind",
+				"brk",
+				"clock_gettime",
+				"close",
 				"connect",
-				"getsockname",
-				"recvmsg",
-				"recvfrom",
-				"sendmsg",
-				"sendto",
-				"setsockopt",
-				"socket",
-				"pipe",
-				"poll",
-				"fcntl64",
-				"fstat",
 				"epoll_create",
 				"epoll_create1",
 				"epoll_ctl",
-				"epoll_wait",
 				"epoll_pwait",
-				"rt_sigaction",
-				"sigreturn",
-				"rt_sigreturn",
-				"rt_sigprocmask",
-				"exit_group",
+				"epoll_wait",
 				"exit",
+				"exit_group",
 				"fcntl",
-				"clock_gettime"
+				"fcntl64",
+				"fstat",
+				"getsockname",
+				"ioctl",
+				"open",
+				"openat",
+				"pipe",
+				"pipe2",
+				"poll",
+				"ppoll",
+				"read",
+				"recvfrom",
+				"recvmsg",
+				"rt_sigaction",
+				"rt_sigprocmask",
+				"rt_sigreturn",
+				"sendmsg",
+				"sendto",
+				"setsockopt",
+				"sigreturn",
+				"socket",
+				"time",
+				"uname",
+				"write",
+				"writev"
 			],
 			"action": "SCMP_ACT_ALLOW"
 		}