From 8fe58806f2619b13b5695baaa5d7e06d002471ef Mon Sep 17 00:00:00 2001
From: Robert Swiecki <robert@swiecki.net>
Date: Tue, 5 Dec 2017 22:13:00 +0100
Subject: [PATCH] configs/imagemagick: more syscalls allowed

---
 configs/imagemagick-convert.cfg | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configs/imagemagick-convert.cfg b/configs/imagemagick-convert.cfg
index dae41ab..ed95620 100644
--- a/configs/imagemagick-convert.cfg
+++ b/configs/imagemagick-convert.cfg
@@ -72,14 +72,14 @@ mount {
 
 seccomp_string: "POLICY imagemagick_convert {"
 seccomp_string: "  ALLOW {"
-seccomp_string: "    read, write, open, close, newstat, newfstat,"
+seccomp_string: "    read, write, open, openat, close, newstat, newfstat,"
 seccomp_string: "    newlstat, lseek, mmap, mprotect, munmap, brk,"
 seccomp_string: "    rt_sigaction, rt_sigprocmask, pwrite64, access,"
 seccomp_string: "    getpid, execveat, getdents, unlink, fchmod,"
 seccomp_string: "    getrlimit, getrusage, sysinfo, times, futex,"
 seccomp_string: "    arch_prctl, sched_getaffinity, set_tid_address,"
 seccomp_string: "    clock_gettime, set_robust_list, exit_group,"
-seccomp_string: "    clone, getcwd, pread64, readlink"
+seccomp_string: "    clone, getcwd, pread64, readlink, prlimit64"
 seccomp_string: "  }"
 seccomp_string: "}"
 seccomp_string: "USE imagemagick_convert DEFAULT KILL"
-- 
2.7.4