update

daemon/Sandbox.cpp

@@ -60,6 +60,10 @@ namespace i2p {
         SCMP_SYS(ftruncate),
         SCMP_SYS(futex),
         SCMP_SYS(getdents64),
+        SCMP_SYS(getgid),
+        SCMP_SYS(getegid),
+        SCMP_SYS(getuid),
+        SCMP_SYS(geteuid),
         SCMP_SYS(getpeername),
         SCMP_SYS(getpid),
         SCMP_SYS(getrandom),
@@ -73,10 +77,13 @@ namespace i2p {
         SCMP_SYS(listen),
         SCMP_SYS(lseek),
         SCMP_SYS(madvise),
+        SCMP_SYS(membarrier),
         SCMP_SYS(mkdir),
+        SCMP_SYS(mkdirat),
         SCMP_SYS(mmap),
         SCMP_SYS(mprotect),
         SCMP_SYS(munmap),
+        SCMP_SYS(nanosleep),
         SCMP_SYS(newfstatat),
         SCMP_SYS(openat),
         SCMP_SYS(poll),
@@ -101,6 +108,8 @@ namespace i2p {
         SCMP_SYS(setsockopt),
         SCMP_SYS(shutdown),
         SCMP_SYS(socket),
+        SCMP_SYS(stat),
+        SCMP_SYS(statx),
         SCMP_SYS(sysinfo),
         SCMP_SYS(tgkill),
         SCMP_SYS(timerfd_create),
@@ -149,10 +158,9 @@ namespace i2p {
     }
 
     int addrule(const char *path, unsigned long long rules, int ruleset_fd) {
-      struct landlock_path_beneath_attr temp = {
+      struct landlock_path_beneath_attr temp;
-      {rules},
+      temp.allowed_access = rules;
-      {NULL},
+      temp.parent_fd = 0;
-      };
 
       /* Open path file descriptor */
       temp.parent_fd = open(path, O_PATH | O_CLOEXEC);