From ee292906cfaea966a20b6a9593456e33dd5dc02f Mon Sep 17 00:00:00 2001
From: dietshasta
Date: Wed, 13 Mar 2024 16:11:10 +0000
Subject: [PATCH] allow ptrace if debug mode is set
---
 daemon/Sandbox.cpp | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/daemon/Sandbox.cpp b/daemon/Sandbox.cpp
index 2b2d99b..8ff0e00 100644
--- a/daemon/Sandbox.cpp
+++ b/daemon/Sandbox.cpp
@@ -56,6 +56,9 @@ namespace i2p {
 SCMP_SYS(ppoll),
 SCMP_SYS(prctl),
 SCMP_SYS(prlimit64),
+ #ifdef DEBUG
+ SCMP_SYS(ptrace),
+ #endif
 SCMP_SYS(read),
 SCMP_SYS(recvfrom),
 SCMP_SYS(recvmsg),
@@ -63,7 +66,6 @@ namespace i2p {
 SCMP_SYS(rt_sigaction),
 SCMP_SYS(rt_sigprocmask),
 SCMP_SYS(rt_sigreturn),
- SCMP_SYS(clone),
 SCMP_SYS(sendmsg),
 SCMP_SYS(sendmmsg),
 SCMP_SYS(sendto),
@@ -93,13 +95,13 @@ namespace i2p {
 /* Load rules */
 for (int i = 0; i < (int)(sizeof(filter)/sizeof(int)); i++) {
- rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, filter[i], 0);
- if (rc != 0) {
- LogPrint(eLogError, "Sandbox: Could not add seccomp rule ", i, ": ", strerror(rc));
- seccomp_release(ctx);
- return false;
- }
+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, filter[i], 0);
+ if (rc != 0) {
+ LogPrint(eLogError, "Sandbox: Could not add seccomp rule ", i, ": ", strerror(rc));
+ seccomp_release(ctx);
+ return false;
 }
+ }
 /* Load filter */
 rc = seccomp_load(ctx);
@@ -107,7 +109,7 @@ namespace i2p {
 LogPrint(eLogError, "Sandbox: Could not load seccomp filter: ", strerror(rc));
 seccomp_release(ctx);
 return false;
- }
+ }
 /* Success */
 LogPrint(eLogInfo, "Sandbox: Loaded seccomp filter");
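Review bot: The `SCMP_SYS(ptrace)` entry added under `#ifdef DEBUG` in the first hunk is allowed without restriction, because the rule loop in the third hunk adds every array entry with `SCMP_ACT_ALLOW` and no argument filter, and seccomp(2) warns that on kernels before 4.8 a sandboxed process permitted to call ptrace can use it to escape the filter. `DEBUG` is also a generic macro that a build system or packaging flag could define for a shipped binary, so the weakened sandbox could go out unnoticed. I would document the entry with a comment such as `/* debug builds only: allowing ptrace weakens the sandbox, see seccomp(2) */` and log a warning when the filter is loaded with it enabled; it is also worth confirming the entry is needed at all, since a debugger attaching from outside normally issues ptrace in its own process rather than in the sandboxed one. Separately, the second hunk removes `SCMP_SYS(clone)` although the subject does not mention it; the rest of the array lies outside the hunks, so check that clone is still listed there if threads are created after the filter is loaded.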