From 74c2d3a9a4afefaae8b56b0e2c728e30840fc61d Mon Sep 17 00:00:00 2001
From: Robin Malley <rmalley@cock.li>
Date: Mon, 18 May 2020 10:45:41 -0400
Subject: [PATCH] Inital commit

---
 0001-Patches-needed-to-run-luajit.patch | 104 ++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 0001-Patches-needed-to-run-luajit.patch

diff --git a/0001-Patches-needed-to-run-luajit.patch b/0001-Patches-needed-to-run-luajit.patch
new file mode 100644
index 0000000..4ec90ca
--- /dev/null
+++ b/0001-Patches-needed-to-run-luajit.patch
@@ -0,0 +1,104 @@
+From f61e588cef7152d219151b2a3b644362de9a0af4 Mon Sep 17 00:00:00 2001
+From: root <root@artificer.my.domain>
+Date: Sat, 16 May 2020 21:27:26 -0400
+Subject: [PATCH] Patches needed to run luajit
+
+---
+ src/http.c    |  2 +-
+ src/keymgr.c  |  5 ++++-
+ src/seccomp.c | 18 ++++++++++++++++--
+ 3 files changed, 21 insertions(+), 4 deletions(-)
+
+diff --git a/src/http.c b/src/http.c
+index 82f5992..71785f1 100644
+--- a/src/http.c
++++ b/src/http.c
+@@ -1017,7 +1017,7 @@ http_argument_urldecode(char *arg)
+ 		if (err != KORE_RESULT_OK)
+ 			return (err);
+ 
+-		if (v <= 0x1f || v == 0x7f)
++		if ((v <= 0x1f && v != '\n' && v != '\r') || v == 0x7f)
+ 			return (KORE_RESULT_ERROR);
+ 
+ 		*in++ = (char)v;
+diff --git a/src/keymgr.c b/src/keymgr.c
+index f20580b..a23d815 100644
+--- a/src/keymgr.c
++++ b/src/keymgr.c
+@@ -81,7 +81,7 @@ static struct sock_filter filter_keymgr[] = {
+ 	KORE_SYSCALL_ALLOW(lseek),
+ 	KORE_SYSCALL_ALLOW(write),
+ 	KORE_SYSCALL_ALLOW(close),
+-	KORE_SYSCALL_ALLOW(stat),
++	KORE_SYSCALL_ALLOW(statx),
+ 	KORE_SYSCALL_ALLOW(fstat),
+ 	KORE_SYSCALL_ALLOW(futex),
+ 	KORE_SYSCALL_ALLOW(writev),
+@@ -99,6 +99,9 @@ static struct sock_filter filter_keymgr[] = {
+ 	KORE_SYSCALL_ALLOW(recvfrom),
+ #if defined(SYS_epoll_wait)
+ 	KORE_SYSCALL_ALLOW(epoll_wait),
++#endif
++#if defined(SYS_epoll_ctl)
++	KORE_SYSCALL_ALLOW(epoll_ctl),
+ #endif
+ 	KORE_SYSCALL_ALLOW(epoll_pwait),
+ 
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 505ac0b..bc04b67 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -55,18 +55,29 @@ static struct sock_filter filter_kore[] = {
+ 	KORE_SYSCALL_ALLOW(open),
+ #endif
+ 	KORE_SYSCALL_ALLOW(read),
++#if defined(SYS_readv)
++	KORE_SYSCALL_ALLOW(readv),
++#endif
+ #if defined(SYS_stat)
+ 	KORE_SYSCALL_ALLOW(stat),
+ #endif
++#if defined(SYS_statx)
++	KORE_SYSCALL_ALLOW(statx),
++#endif
+ #if defined(SYS_lstat)
+ 	KORE_SYSCALL_ALLOW(lstat),
+ #endif
+ 	KORE_SYSCALL_ALLOW(fstat),
++	KORE_SYSCALL_ALLOW(fchown),
+ 	KORE_SYSCALL_ALLOW(write),
+ 	KORE_SYSCALL_ALLOW(fcntl),
+ 	KORE_SYSCALL_ALLOW(lseek),
+ 	KORE_SYSCALL_ALLOW(close),
+ 	KORE_SYSCALL_ALLOW(openat),
++	KORE_SYSCALL_ALLOW(newfstatat),
++	KORE_SYSCALL_ALLOW(unlinkat),
++	KORE_SYSCALL_ALLOW(fsync),
++	KORE_SYSCALL_ALLOW(fdatasync),
+ #if defined(SYS_access)
+ 	KORE_SYSCALL_ALLOW(access),
+ #endif
+@@ -87,14 +98,17 @@ static struct sock_filter filter_kore[] = {
+ 	KORE_SYSCALL_ALLOW(geteuid),
+ 	KORE_SYSCALL_ALLOW(exit_group),
+ 	KORE_SYSCALL_ALLOW(nanosleep),
++	KORE_SYSCALL_ALLOW(clone),
++	KORE_SYSCALL_ALLOW(wait4),
+ 
+ 	/* Memory related. */
+ 	KORE_SYSCALL_ALLOW(brk),
+ 	KORE_SYSCALL_ALLOW(munmap),
++	KORE_SYSCALL_ALLOW(pipe2),
+ 
+ 	/* Deny mmap/mprotect calls with PROT_EXEC/PROT_WRITE protection. */
+-	KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
+-	KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
++	//KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
++	//KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
+ 
+ 	KORE_SYSCALL_ALLOW(mmap),
+ 	KORE_SYSCALL_ALLOW(madvise),
+-- 
+2.26.2
+