void-packages/srcpkgs/kcgi/patches/sandbox.patch

--- sandbox-seccomp-filter.c.orig
+++ sandbox-seccomp-filter.c
@@ -85,7 +85,9 @@
 	/* Load the syscall number for checking. */
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
 		offsetof(struct seccomp_data, nr)),
+#ifdef __NR_open /* not defined on AARCH64 */
 	SC_DENY(open, EACCES),
+#endif
 	SC_ALLOW(getpid),
 	SC_ALLOW(gettimeofday),
 	SC_ALLOW(clock_gettime),
@@ -106,18 +108,24 @@
 	SC_ALLOW(recvmsg),
 #endif
 	SC_ALLOW(read),
+	SC_ALLOW(readv),
 	SC_ALLOW(write),
+	SC_ALLOW(writev),
 	SC_ALLOW(close),
 #ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
 	SC_ALLOW(shutdown),
 #endif
 	SC_ALLOW(brk),
+#ifdef __NR_poll /* not defined on AARCH64 */
 	SC_ALLOW(poll),
+#endif
 #ifdef __NR__newselect
 	SC_ALLOW(_newselect),
 #else
+#ifdef __NR_select /* not defined on AARCH64 */
 	SC_ALLOW(select),
 #endif
+#endif
 	SC_ALLOW(madvise),
 #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
 	SC_ALLOW(mmap2),
@@ -150,7 +158,9 @@
 	/* Load the syscall number for checking. */
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
 		offsetof(struct seccomp_data, nr)),
+#ifdef __NR_open /* not defined on AARCH64 */
 	SC_DENY(open, EACCES),
+#endif
 	SC_ALLOW(getpid),
 	SC_ALLOW(gettimeofday),
 	SC_ALLOW(clock_gettime),
@@ -158,7 +168,9 @@
 	SC_ALLOW(time),
 #endif
 	SC_ALLOW(read),
+	SC_ALLOW(readv),
 	SC_ALLOW(write),
+	SC_ALLOW(writev),
 	SC_ALLOW(close),
 #ifdef __NR_fcntl64 /* only noted on arm */
 	SC_ALLOW(fcntl64),
@@ -167,11 +179,15 @@
 	SC_ALLOW(shutdown),
 #endif
 	SC_ALLOW(brk),
+#ifdef __NR_poll /* not defined on AARCH64 */
 	SC_ALLOW(poll),
+#endif
 #ifdef __NR__newselect
 	SC_ALLOW(_newselect),
 #else
+#ifdef __NR_select /* not defined on AARCH64 */
 	SC_ALLOW(select),
+#endif
 #endif
 	SC_ALLOW(madvise),
 #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */