From 3a6c6ff646e88280a8c5e370fb4262f439d94fff Mon Sep 17 00:00:00 2001 From: Han-Wen Nienhuys Date: Tue, 27 Jun 2017 17:28:24 +0200 Subject: [PATCH] whitelist munmap for seccomp. free() may call munmap under the hood. --- main/seccomp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/main/seccomp.c b/main/seccomp.c index 3003285ca4..4b8981ecf0 100644 --- a/main/seccomp.c +++ b/main/seccomp.c @@ -27,6 +27,7 @@ int installSyscallFilter (void) // Memory allocation. seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (mmap), 0); + seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (munmap), 0); seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (brk), 0); // I/O