From 31d7c97ef6acd7a4543e11fb65f3cc08cb988f61 Mon Sep 17 00:00:00 2001
From: Rohan Kumar <seirdy@seirdy.one>
Date: Tue, 20 Jul 2021 21:20:09 -0700
Subject: [PATCH] Allow SIOCOUTQNSD ioctl

The Tor daemon (when used in the Tor Browser Bundle) uses SIOCOUTQNSD.
It gets killed during the bootstrap process if SIOCOUTQNSD is blocked.
---
 usr/share/sandbox-app-launcher/autogen-seccomp   | 1 +
 usr/share/sandbox-app-launcher/seccomp-whitelist | 1 +
 2 files changed, 2 insertions(+)

diff --git a/usr/share/sandbox-app-launcher/autogen-seccomp b/usr/share/sandbox-app-launcher/autogen-seccomp
index 39e6066..e04beee 100755
--- a/usr/share/sandbox-app-launcher/autogen-seccomp
+++ b/usr/share/sandbox-app-launcher/autogen-seccomp
@@ -83,6 +83,7 @@ echo "#include <seccomp.h>
 #include <linux/random.h>
 #include <linux/vt.h>
 #include <linux/fs.h>
+#include <linux/sockios.h>
 #include <linux/wireless.h>
 
 #define ALLOW_SYSCALL(call) { if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(call), 0) < 0) goto out; }
diff --git a/usr/share/sandbox-app-launcher/seccomp-whitelist b/usr/share/sandbox-app-launcher/seccomp-whitelist
index 864f158..6c3de4b 100644
--- a/usr/share/sandbox-app-launcher/seccomp-whitelist
+++ b/usr/share/sandbox-app-launcher/seccomp-whitelist
@@ -121,6 +121,7 @@ ioctl 1 FIONBIO
 ioctl 1 FIONREAD
 ioctl 1 RNDGETENTCNT
 ioctl 1 SIOCGIWMODE
+ioctl 1 SIOCOUTQNSD
 ioctl 1 TCGETS
 ioctl 1 TCSETS
 ioctl 1 TCSETSW