From 49f8c5535e7bdf92f377a6ad15693b6cd242938f Mon Sep 17 00:00:00 2001
From: dietshasta
Date: Sat, 16 Mar 2024 10:35:52 +0000
Subject: [PATCH] fix

---
 daemon/Sandbox.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/daemon/Sandbox.cpp b/daemon/Sandbox.cpp
index 1cf6b4b..c1568e3 100644
--- a/daemon/Sandbox.cpp
+++ b/daemon/Sandbox.cpp
@@ -96,6 +96,7 @@ namespace i2p {
 SCMP_SYS(timerfd_create),
 SCMP_SYS(timerfd_settime),
 SCMP_SYS(unlinkat),
+ SCMP_SYS(unlinkat),
 SCMP_SYS(uname),
 SCMP_SYS(write),
 SCMP_SYS(writev),
@@ -198,10 +199,12 @@ namespace i2p {
 }

 /* Add rules */
- if(!addrule(i2p::fs::GetDataDir().c_str(), LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR|LANDLOCK_ACCESS_FS_WRITE_FILE|LANDLOCK_ACCESS_FS_MAKE_REG|LANDLOCK_ACCESS_FS_MAKE_DIR, ruleset_fd))
+ if(!addrule(i2p::fs::GetDataDir().c_str(), LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR|LANDLOCK_ACCESS_FS_WRITE_FILE|LANDLOCK_ACCESS_FS_MAKE_REG|LANDLOCK_ACCESS_FS_MAKE_DIR|LANDLOCK_ACCESS_FS_REMOVE_FILE, ruleset_fd))
 return false;
 if(!addrule(i2p::fs::GetCertsDir().c_str(), LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
 return false;
+ if(!addrule("/var/log/i2pd/", LANDLOCK_ACCESS_FS_WRITE_FILE|LANDLOCK_ACCESS_FS_MAKE_REG, ruleset_fd))
+ return false;
 if(!addrule("/lib/", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
 return false;
 if(!addrule("/usr/lib/", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
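Review bot: The added `SCMP_SYS(unlinkat),` repeats the entry on the context line directly above it, so this hunk does not widen the seccomp allow-list at all. If the goal was to let file removal through on targets where libc issues the plain `unlink` syscall rather than `unlinkat`, the line was presumably meant to be `SCMP_SYS(unlink),`; confirm against the syscall actually being denied, and otherwise drop the line. Depending on how the code that consumes this array treats the return value of the rule-add call, a repeated entry may also surface as an "already exists" error. The array's start and end are outside the hunk.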
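Review bot: The new `/var/log/i2pd/` rule hard-codes a path, unlike the two rules above it that go through `i2p::fs::GetDataDir()` and `i2p::fs::GetCertsDir()`. `addrule` is not visible here, but if it opens the path before calling `landlock_add_rule` (the usual pattern), a host without that directory makes this function `return false`, and a daemon configured to log elsewhere gets write access it does not need while still being denied at its real log location. Deriving the directory from the configured log file, and skipping the rule when file logging is off, would keep the allow-list tight. Separately, `LANDLOCK_ACCESS_FS_REMOVE_FILE` on the data-dir rule is only accepted if the ruleset's `handled_access_fs` also lists it; otherwise `landlock_add_rule` rejects the rule with EINVAL. The enclosing function, including the ruleset creation, starts and ends outside the hunk.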