transmission: convert seccomp filter rules to OCI format

procd-seccomp switched to OCI-compliant seccomp parser instead of our (legacy, OpenWrt-specific) format. Convert ruleset to new format. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4 years ago · 6b2ec8bcb5
--- a/net/transmission/Makefile
+++ b/net/transmission/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=transmission
 PKG_VERSION:=3.00
 PKG_RELEASE:=7
 PKG_RELEASE:=8

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GITHUB/transmission/transmission-releases/master
--- a/net/transmission/files/transmission-daemon.json
+++ b/net/transmission/files/transmission-daemon.json
@ -1,81 +1,86 @@
 {
 	"whitelist": [
 		"accept",
 		"accept4",
 		"access",
 		"arm_fadvise64_64",
 		"bind",
 		"brk",
 		"clock_gettime",
 		"clone",
 		"close",
 		"connect",
 		"epoll_create1",
 		"epoll_ctl",
 		"epoll_pwait",
 		"exit",
 		"exit_group",
 		"fadvise64",
 		"fallocate",
 		"fcntl",
 		"fcntl64",
 		"fstat",
 		"fstat64",
 		"fsync",
 		"futex",
 		"getdents64",
 		"getpeername",
 		"getpid",
 		"getsockname",
 		"getsockopt",
 		"getuid32",
 		"ioctl",
 		"listen",
 		"_llseek",
 		"lseek",
 		"madvise",
 		"membarrier",
 		"mkdir",
 		"mmap",
 		"mmap2",
 		"mprotect",
 		"mremap",
 		"munmap",
 		"nanosleep",
 		"_newselect",
 		"open",
 		"pipe",
 		"pipe2",
 		"poll",
 		"pread64",
 		"prlimit64",
 		"pwrite64",
 		"quotactl",
 		"read",
 		"readlink",
 		"readv",
 		"recvfrom",
 		"rename",
 		"rmdir",
 		"rt_sigaction",
 		"rt_sigprocmask",
 		"rt_sigreturn",
 		"select",
 		"sendto",
 		"setsockopt",
 		"shutdown",
 		"sigreturn",
 		"socket",
 		"stat",
 		"stat64",
 		"socketpair",
 		"umask",
 		"uname",
 		"unlink",
 		"statfs64",
 		"umask",
 		"write",
 		"writev"
 	],
 	"policy": 1
 	"defaultAction": "SCMP_ACT_KILL_PROCESS",
 	"syscalls": [
 		{
 			"names": [
 				"accept",
 				"accept4",
 				"access",
 				"arm_fadvise64_64",
 				"bind",
 				"brk",
 				"clock_gettime",
 				"clone",
 				"close",
 				"connect",
 				"epoll_create1",
 				"epoll_ctl",
 				"epoll_pwait",
 				"exit",
 				"exit_group",
 				"fadvise64",
 				"fallocate",
 				"fcntl",
 				"fcntl64",
 				"fstat",
 				"fstat64",
 				"fsync",
 				"futex",
 				"getdents64",
 				"getpeername",
 				"getpid",
 				"getsockname",
 				"getsockopt",
 				"getuid32",
 				"ioctl",
 				"listen",
 				"_llseek",
 				"lseek",
 				"madvise",
 				"membarrier",
 				"mkdir",
 				"mmap",
 				"mmap2",
 				"mprotect",
 				"mremap",
 				"munmap",
 				"nanosleep",
 				"_newselect",
 				"open",
 				"pipe",
 				"pipe2",
 				"poll",
 				"pread64",
 				"prlimit64",
 				"pwrite64",
 				"quotactl",
 				"read",
 				"readlink",
 				"readv",
 				"recvfrom",
 				"rename",
 				"rmdir",
 				"rt_sigaction",
 				"rt_sigprocmask",
 				"rt_sigreturn",
 				"select",
 				"sendto",
 				"setsockopt",
 				"shutdown",
 				"sigreturn",
 				"socket",
 				"stat",
 				"stat64",
 				"socketpair",
 				"umask",
 				"uname",
 				"unlink",
 				"statfs64",
 				"umask",
 				"write",
 				"writev"
 			],
 			"action": "SCMP_ACT_ALLOW"
 		}
 	]
 }