From 29ef10e749642e4542d164ddd3bb7ec669230f15 Mon Sep 17 00:00:00 2001
From: Nils
Date: Thu, 22 Jul 2021 15:11:36 +0200
Subject: [PATCH] Allow brk() because it is limited by rlimit anyways

---
 child_launcher.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/child_launcher.cpp b/child_launcher.cpp
index 093727c..a1b1090 100644
--- a/child_launcher.cpp
+++ b/child_launcher.cpp
@@ -42,13 +42,12 @@ void enable_limits(const Limits& limits) {
 if (limits.enable_seccomp) {
 scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ERRNO(EOPNOTSUPP));
 for (const auto sysc : {
- SCMP_SYS(mmap), SCMP_SYS(mmap2), SCMP_SYS(munmap),
+ SCMP_SYS(mmap), SCMP_SYS(mmap2), SCMP_SYS(munmap), SCMP_SYS(brk),
 SCMP_SYS(write), SCMP_SYS(read), SCMP_SYS(close),
 SCMP_SYS(exit), SCMP_SYS(exit_group)
 }) {
 seccomp_rule_add(ctx, SCMP_ACT_ALLOW, sysc, 0);
 }
- seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOMEM), SCMP_SYS(brk), 0);
 if (seccomp_load(ctx) < 0) {
 throw std::runtime_error("Error setting up seccomp");
 }
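Review bot: The `SCMP_SYS(brk)` entry added to the allow list makes the heap bound depend entirely on an rlimit that this hunk does not show, so nothing here tells a reader which limit must be in place or that it is always applied when `limits.enable_seccomp` is true. I would add a comment above the list such as `// brk is allowed: heap growth must be bounded by the memory rlimit (RLIMIT_AS/RLIMIT_DATA) set before this filter loads`, and confirm that limit cannot be skipped while seccomp is enabled; `enable_limits` starts and ends outside the hunk, so that part is not visible here. Separately, the result of `seccomp_rule_add` in the loop is ignored, so a rule that fails to install goes unnoticed and the filter loads with a different policy than the list suggests. Changing the loop body to `if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, sysc, 0) < 0) throw std::runtime_error("Error setting up seccomp");` would match the existing `seccomp_load` check.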