sandbox: allow getpid in seccomp network sandbox

openssl needs it
author: bptato <nincsnevem662@gmail.com> 2024-04-27 17:31:39 +0200
committer: bptato <nincsnevem662@gmail.com> 2024-04-27 17:31:39 +0200
commit: 4b4b95b6e1c366fbd4e73f5bd0c0ea555bf77490 (patch)
tree: 549af29d1f4be4856c276e96c5f7ca072a196c7a /src/utils
parent: d8679af92bf88896a033238a1b0bea0648632b4c (diff)
download: chawan-4b4b95b6e1c366fbd4e73f5bd0c0ea555bf77490.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/utils/sandbox.nim b/src/utils/sandbox.nim
index 9c8bc72a..130389ab 100644
--- a/src/utils/sandbox.nim
+++ b/src/utils/sandbox.nim
@@ -133,6 +133,7 @@ elif defined(linux) and not disableSandbox:
       "fcntl", "fcntl64", # so we can set nonblock etc.
       "mmap", "mmap2", "munmap", "brk", # memory allocation
       "poll", # curl needs poll
+      "getpid", # used indirectly by OpenSSL EVP_RAND_CTX_new (through drbg)
       "fstat", # glibc fread seems to call it
       # maybe it will need epoll too in the future
       "epoll_create", "epoll_create1", "epoll_ctl", "epoll_wait",
author	bptato <nincsnevem662@gmail.com>	2024-04-27 17:31:39 +0200
committer	bptato <nincsnevem662@gmail.com>	2024-04-27 17:31:39 +0200
commit	4b4b95b6e1c366fbd4e73f5bd0c0ea555bf77490 (patch)
tree	549af29d1f4be4856c276e96c5f7ca072a196c7a /src/utils
parent	d8679af92bf88896a033238a1b0bea0648632b4c (diff)
download	chawan-4b4b95b6e1c366fbd4e73f5bd0c0ea555bf77490.tar.gz