From ff5a3982cec8ab5eeabf487788663a2097fd2ea1 Mon Sep 17 00:00:00 2001
From: Joris Vink <joris@sanctorum.se>
Date: Tue, 28 Nov 2023 09:22:05 +0100
Subject: [PATCH] Add unlink and rename system calls to whitelist.

The keymgr uses these when handling entropy files.
---
 src/keymgr_openssl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/keymgr_openssl.c b/src/keymgr_openssl.c
index d9c4084..c9bfc6a 100644
--- a/src/keymgr_openssl.c
+++ b/src/keymgr_openssl.c
@@ -85,6 +85,14 @@ static struct sock_filter filter_keymgr[] = {
 	/* Deny these, but with EACCESS instead of dying. */
 	KORE_SYSCALL_DENY(ioctl, EACCES),
 
+	/* Entropy handling. */
+#if defined(SYS_unlink)
+	KORE_SYSCALL_ALLOW(unlink),
+#endif
+#if defined(SYS_rename)
+	KORE_SYSCALL_ALLOW(rename),
+#endif
+
 	/* Required to deal with private keys and certs. */
 #if defined(SYS_open)
 	KORE_SYSCALL_ALLOW(open),