From b0b03cde704129d9a8b85349a12c40777fe8da7b Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Thu, 16 Jul 2015 12:02:11 +0200
Subject: Newest glibc requires mmap and fstat for fprintf'ing to a socket. Ugh

---
 honeypot.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/honeypot.c b/honeypot.c
index be3a625..1e8ba38 100644
--- a/honeypot.c
+++ b/honeypot.c
@@ -441,6 +441,11 @@ void drop_privileges()
 		perror("prctl(NO_NEW_PRIVS");
 		exit(EXIT_FAILURE);
 	}
+
+	if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)) {
+		perror("prctl(PR_SET_DUMPABLE)");
+		exit(EXIT_FAILURE);
+	}
 }
 
 void seccomp_enable_filter()
@@ -457,6 +462,8 @@ void seccomp_enable_filter()
 		ALLOW_SYSCALL(read),
 		ALLOW_SYSCALL(write),
 		ALLOW_SYSCALL(alarm),
+		ALLOW_SYSCALL(fstat),
+		ALLOW_SYSCALL(mmap),
 		KILL_PROCESS
 	};
 	struct sock_fprog prog = {
-- 
cgit v1.2.3-59-g8ed1b