sys_linux: allow BINDTODEVICE option in seccomp filter

Fixes: 4ef944b734 ("socket: add support for binding sockets to device")
2021-04-29 12:35:49 +02:00 · 2021-04-29 12:35:49 +02:00 · b9f5ce83b0
commit b9f5ce83b0
parent 8baab00ae0
1 changed files with 3 additions and 0 deletions
--- a/sys_linux.c
+++ b/sys_linux.c
@ -624,6 +624,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
    { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND }, { SOL_IP, IP_TOS },
 #ifdef FEAT_IPV6
    { SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO },
+#endif
+#ifdef SO_BINDTODEVICE
+    { SOL_SOCKET, SO_BINDTODEVICE },
 #endif
    { SOL_SOCKET, SO_BROADCAST }, { SOL_SOCKET, SO_REUSEADDR },
 #ifdef SO_REUSEPORT