allow ptrace if debug mode is set

daemon/Sandbox.cpp

@@ -56,6 +56,9 @@ namespace i2p {
         SCMP_SYS(ppoll),
         SCMP_SYS(prctl),
         SCMP_SYS(prlimit64),
+	#ifdef DEBUG
+        SCMP_SYS(ptrace),
+	#endif
         SCMP_SYS(read),
         SCMP_SYS(recvfrom),
         SCMP_SYS(recvmsg),
@@ -63,7 +66,6 @@ namespace i2p {
         SCMP_SYS(rt_sigaction),
         SCMP_SYS(rt_sigprocmask),
         SCMP_SYS(rt_sigreturn),
-        SCMP_SYS(clone),
         SCMP_SYS(sendmsg),
         SCMP_SYS(sendmmsg),
         SCMP_SYS(sendto),
@@ -93,13 +95,13 @@ namespace i2p {
 
       /* Load rules */
       for (int i = 0; i < (int)(sizeof(filter)/sizeof(int)); i++) {
-          rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, filter[i], 0);
-          if (rc != 0) {
-            LogPrint(eLogError, "Sandbox: Could not add seccomp rule ", i, ": ", strerror(rc));
-	    seccomp_release(ctx);
-	    return false;
-          }
+        rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, filter[i], 0);
+        if (rc != 0) {
+          LogPrint(eLogError, "Sandbox: Could not add seccomp rule ", i, ": ", strerror(rc));
+          seccomp_release(ctx);
+	  return false;
         }
+      }
 
       /* Load filter */
       rc = seccomp_load(ctx);
@@ -107,7 +109,7 @@ namespace i2p {
         LogPrint(eLogError, "Sandbox: Could not load seccomp filter: ", strerror(rc));
 	seccomp_release(ctx);
 	return false;
-        }
+      }
 
       /* Success */
       LogPrint(eLogInfo, "Sandbox: Loaded seccomp filter");