transmission: convert seccomp filter rules to OCI format

procd-seccomp switched to OCI-compliant seccomp parser instead of our (legacy, OpenWrt-specific) format. Convert ruleset to new format. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:14:02 +00:00 · 2020-11-17 13:14:02 +00:00 · 6b2ec8bcb5
parent 316f870228
commit 6b2ec8bcb5
2 changed files with 85 additions and 80 deletions
--- a/net/transmission/Makefile
+++ b/net/transmission/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=transmission
 PKG_VERSION:=3.00
-PKG_RELEASE:=7
+PKG_RELEASE:=8

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GITHUB/transmission/transmission-releases/master
--- a/net/transmission/files/transmission-daemon.json
+++ b/net/transmission/files/transmission-daemon.json
@ -1,81 +1,86 @@
 {
-	"whitelist": [
-		"accept",
-		"accept4",
-		"access",
-		"arm_fadvise64_64",
-		"bind",
-		"brk",
-		"clock_gettime",
-		"clone",
-		"close",
-		"connect",
-		"epoll_create1",
-		"epoll_ctl",
-		"epoll_pwait",
-		"exit",
-		"exit_group",
-		"fadvise64",
-		"fallocate",
-		"fcntl",
-		"fcntl64",
-		"fstat",
-		"fstat64",
-		"fsync",
-		"futex",
-		"getdents64",
-		"getpeername",
-		"getpid",
-		"getsockname",
-		"getsockopt",
-		"getuid32",
-		"ioctl",
-		"listen",
-		"_llseek",
-		"lseek",
-		"madvise",
-		"membarrier",
-		"mkdir",
-		"mmap",
-		"mmap2",
-		"mprotect",
-		"mremap",
-		"munmap",
-		"nanosleep",
-		"_newselect",
-		"open",
-		"pipe",
-		"pipe2",
-		"poll",
-		"pread64",
-		"prlimit64",
-		"pwrite64",
-		"quotactl",
-		"read",
-		"readlink",
-		"readv",
-		"recvfrom",
-		"rename",
-		"rmdir",
-		"rt_sigaction",
-		"rt_sigprocmask",
-		"rt_sigreturn",
-		"select",
-		"sendto",
-		"setsockopt",
-		"shutdown",
-		"sigreturn",
-		"socket",
-		"stat",
-		"stat64",
-		"socketpair",
-		"umask",
-		"uname",
-		"unlink",
-		"statfs64",
-		"umask",
-		"write",
-		"writev"
-	],
-	"policy": 1
+	"defaultAction": "SCMP_ACT_KILL_PROCESS",
+	"syscalls": [
+		{
+			"names": [
+				"accept",
+				"accept4",
+				"access",
+				"arm_fadvise64_64",
+				"bind",
+				"brk",
+				"clock_gettime",
+				"clone",
+				"close",
+				"connect",
+				"epoll_create1",
+				"epoll_ctl",
+				"epoll_pwait",
+				"exit",
+				"exit_group",
+				"fadvise64",
+				"fallocate",
+				"fcntl",
+				"fcntl64",
+				"fstat",
+				"fstat64",
+				"fsync",
+				"futex",
+				"getdents64",
+				"getpeername",
+				"getpid",
+				"getsockname",
+				"getsockopt",
+				"getuid32",
+				"ioctl",
+				"listen",
+				"_llseek",
+				"lseek",
+				"madvise",
+				"membarrier",
+				"mkdir",
+				"mmap",
+				"mmap2",
+				"mprotect",
+				"mremap",
+				"munmap",
+				"nanosleep",
+				"_newselect",
+				"open",
+				"pipe",
+				"pipe2",
+				"poll",
+				"pread64",
+				"prlimit64",
+				"pwrite64",
+				"quotactl",
+				"read",
+				"readlink",
+				"readv",
+				"recvfrom",
+				"rename",
+				"rmdir",
+				"rt_sigaction",
+				"rt_sigprocmask",
+				"rt_sigreturn",
+				"select",
+				"sendto",
+				"setsockopt",
+				"shutdown",
+				"sigreturn",
+				"socket",
+				"stat",
+				"stat64",
+				"socketpair",
+				"umask",
+				"uname",
+				"unlink",
+				"statfs64",
+				"umask",
+				"write",
+				"writev"
+			],
+			"action": "SCMP_ACT_ALLOW"
+		}
+	]
 }