From f61e588cef7152d219151b2a3b644362de9a0af4 Mon Sep 17 00:00:00 2001
From: root
Date: Sat, 16 May 2020 21:27:26 -0400
Subject: [PATCH] Patches needed to run luajit
---
 src/http.c | 2 +-
 src/keymgr.c | 5 ++++-
 src/seccomp.c | 18 ++++++++++++++++--
 3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/http.c b/src/http.c
index 82f5992..71785f1 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1017,7 +1017,7 @@ http_argument_urldecode(char *arg)
 if (err != KORE_RESULT_OK)
 return (err);
- if (v <= 0x1f || v == 0x7f)
+ if ((v <= 0x1f && v != '\n' && v != '\r') || v == 0x7f)
 return (KORE_RESULT_ERROR);
 *in++ = (char)v;
diff --git a/src/keymgr.c b/src/keymgr.c
index f20580b..a23d815 100644
--- a/src/keymgr.c
+++ b/src/keymgr.c
@@ -81,7 +81,7 @@ static struct sock_filter filter_keymgr[] = {
 KORE_SYSCALL_ALLOW(lseek),
 KORE_SYSCALL_ALLOW(write),
 KORE_SYSCALL_ALLOW(close),
- KORE_SYSCALL_ALLOW(stat),
+ KORE_SYSCALL_ALLOW(statx),
 KORE_SYSCALL_ALLOW(fstat),
 KORE_SYSCALL_ALLOW(futex),
 KORE_SYSCALL_ALLOW(writev),
@@ -99,6 +99,9 @@ static struct sock_filter filter_keymgr[] = {
 KORE_SYSCALL_ALLOW(recvfrom),
 #if defined(SYS_epoll_wait)
 KORE_SYSCALL_ALLOW(epoll_wait),
+#endif
+#if defined(SYS_epoll_ctl)
+ KORE_SYSCALL_ALLOW(epoll_ctl),
 #endif
 KORE_SYSCALL_ALLOW(epoll_pwait),
diff --git a/src/seccomp.c b/src/seccomp.c
index 505ac0b..bc04b67 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
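Review bot: In src/http.c the relaxed check in http_argument_urldecode() now lets percent-encoded CR and LF through for every decoded argument, not only the ones the Lua integration needs. Any caller that later copies a decoded argument into a response header, a log line or another line-oriented format can no longer rely on this function to have rejected line breaks, so those sinks need their own CR/LF handling. If the relaxation has to stay, record it at the check, e.g. `/* CR and LF are accepted here; callers must neutralise them before using the value in headers or logs. */`, or better make it opt-in per handler. The function body starts and ends outside the hunk.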
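Review bot: In src/keymgr.c the first hunk swaps `KORE_SYSCALL_ALLOW(stat)` for `KORE_SYSCALL_ALLOW(statx)` without the `#if defined(SYS_statx)` guard that src/seccomp.c uses for the same entry in this commit. On build hosts whose headers lack SYS_statx this presumably fails to compile, and on systems whose libc still issues stat the key manager loses a call it was previously allowed. Keeping `KORE_SYSCALL_ALLOW(stat),` and adding `KORE_SYSCALL_ALLOW(statx),` between `#if defined(SYS_statx)` and `#endif` would match the other file. The filter array starts and ends outside the hunk.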
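Review bot: The second src/keymgr.c hunk widens the key manager's filter with `epoll_ctl`, but nothing in the commit says which key-manager code path needs it. The subject only mentions running LuaJIT, and the hunks shown give no sign that the key manager runs Lua code; for a process dedicated to key handling, each extra allowlist entry deserves a stated reason. A comment such as `/* epoll_ctl: required by <caller to be named>. */` above the new entry would record it.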
@@ -55,18 +55,29 @@ static struct sock_filter filter_kore[] = {
 KORE_SYSCALL_ALLOW(open),
 #endif
 KORE_SYSCALL_ALLOW(read),
+#if defined(SYS_readv)
+ KORE_SYSCALL_ALLOW(readv),
+#endif
 #if defined(SYS_stat)
 KORE_SYSCALL_ALLOW(stat),
 #endif
+#if defined(SYS_statx)
+ KORE_SYSCALL_ALLOW(statx),
+#endif
 #if defined(SYS_lstat)
 KORE_SYSCALL_ALLOW(lstat),
 #endif
 KORE_SYSCALL_ALLOW(fstat),
+ KORE_SYSCALL_ALLOW(fchown),
 KORE_SYSCALL_ALLOW(write),
 KORE_SYSCALL_ALLOW(fcntl),
 KORE_SYSCALL_ALLOW(lseek),
 KORE_SYSCALL_ALLOW(close),
 KORE_SYSCALL_ALLOW(openat),
+ KORE_SYSCALL_ALLOW(newfstatat),
+ KORE_SYSCALL_ALLOW(unlinkat),
+ KORE_SYSCALL_ALLOW(fsync),
+ KORE_SYSCALL_ALLOW(fdatasync),
 #if defined(SYS_access)
 KORE_SYSCALL_ALLOW(access),
 #endif
@@ -87,14 +98,17 @@ static struct sock_filter filter_kore[] = {
 KORE_SYSCALL_ALLOW(geteuid),
 KORE_SYSCALL_ALLOW(exit_group),
 KORE_SYSCALL_ALLOW(nanosleep),
+ KORE_SYSCALL_ALLOW(clone),
+ KORE_SYSCALL_ALLOW(wait4),
 /* Memory related. */
 KORE_SYSCALL_ALLOW(brk),
 KORE_SYSCALL_ALLOW(munmap),
+ KORE_SYSCALL_ALLOW(pipe2),
 /* Deny mmap/mprotect calls with PROT_EXEC/PROT_WRITE protection. */
- KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
- KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
+ //KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
+ //KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
 KORE_SYSCALL_ALLOW(mmap),
 KORE_SYSCALL_ALLOW(madvise),
--
2.26.2
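Review bot: The first src/seccomp.c hunk puts `fchown`, `unlinkat`, `fsync`, `fdatasync` and `newfstatat` into filter_kore unconditionally, so every process using this filter may now delete files and change ownership, not only a build that embeds LuaJIT. These entries would be better kept behind a build-time switch or supplied by the application that needs them, leaving the default allowlist as it was. Separately, `newfstatat` has no `#if defined(SYS_newfstatat)` guard although `readv` and `statx` in the same hunk are guarded, and that syscall number is not defined on every architecture; wrapping it the same way keeps the file building there. The array starts and ends outside the hunk.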
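Review bot: Commenting out the two `KORE_SYSCALL_DENY_WITH_FLAG` rules in the second src/seccomp.c hunk removes the PROT_EXEC restriction on mmap/mprotect for every process using filter_kore, while the comment directly above still says such calls are denied. Together with the new unconditional `clone`, `wait4` and `pipe2` entries, a JIT requirement becomes a weaker default sandbox for all deployments. The deny rules should stay in the source and be compiled out only for builds that need a JIT, e.g. wrapped in `#if !defined(<JIT_BUILD_FLAG_PLACEHOLDER>)` and `#endif`, with the comment reworded to say when they are inactive; the `clone` entry deserves the same switch. Whether mprotect is allowed further down cannot be seen here, because the array continues outside the hunk.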