Merge remote-tracking branch 'github/privsep-musl'

src/control.c

@@ -100,15 +100,15 @@ control_handle_read(struct fd_list *fd)
 	ssize_t bytes;
 
 	bytes = read(fd->fd, buffer, sizeof(buffer) - 1);
-#ifdef PRIVSEP
-	if (bytes == 0 && IN_PRIVSEP(fd->ctx)) {
-		if (ps_ctl_sendeof(fd) == -1)
-			logerr(__func__);
-	}
-#endif
 	if (bytes == -1)
 		logerr(__func__);
 	if (bytes == -1 || bytes == 0) {
+#ifdef PRIVSEP
+		if (IN_PRIVSEP(fd->ctx)) {
+			if (ps_ctl_sendeof(fd) == -1)
+				logerr(__func__);
+		}
+#endif
 		control_free(fd);
 		return;
 	}

src/privsep-linux.c

@@ -30,7 +30,6 @@
 #include <sys/prctl.h>
 #include <sys/socket.h>
 #include <sys/syscall.h>
-#include <sys/termios.h>	/* For TCGETS */
 
 #include <linux/audit.h>
 #include <linux/filter.h>
@@ -40,10 +39,12 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <signal.h>
 #include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <termios.h>	/* For TCGETS */
 #include <unistd.h>
 
 #include "common.h"
@@ -348,9 +349,14 @@ static struct sock_filter ps_seccomp_filter[] = {
 	SECCOMP_ALLOW_ARG(__NR_ioctl, 1, SIOCGIFVLAN),
 	/* printf over serial terminal requires this */
 	SECCOMP_ALLOW_ARG(__NR_ioctl, 1, TCGETS),
+	/* dumping leases on musl requires this */
+	SECCOMP_ALLOW_ARG(__NR_ioctl, 1, TIOCGWINSZ),
 	/* SECCOMP BPF is newer than nl80211 so we don't need SIOCGIWESSID
 	 * which lives in the impossible to include linux/wireless.h header */
 #endif
+#ifdef __NR_madvise /* needed for musl */
+	SECCOMP_ALLOW(__NR_madvise),
+#endif
 #ifdef __NR_mmap
 	SECCOMP_ALLOW(__NR_mmap),
 #endif