swap sockets to use send/recv and update seccomp.

src/keymgr.c

@@ -60,6 +60,7 @@ static struct sock_filter filter_keymgr[] = {
 	/* Required to deal with private keys and certs. */
 	KORE_SYSCALL_ALLOW(open),
 	KORE_SYSCALL_ALLOW(read),
+	KORE_SYSCALL_ALLOW(write),
 	KORE_SYSCALL_ALLOW(close),
 	KORE_SYSCALL_ALLOW(fstat),
 	KORE_SYSCALL_ALLOW(futex),
@@ -67,8 +68,8 @@ static struct sock_filter filter_keymgr[] = {
 
 	/* Net related. */
 	KORE_SYSCALL_ALLOW(poll),
-	KORE_SYSCALL_ALLOW(read),
-	KORE_SYSCALL_ALLOW(write),
+	KORE_SYSCALL_ALLOW(sendto),
+	KORE_SYSCALL_ALLOW(recvfrom),
 	KORE_SYSCALL_ALLOW(epoll_wait),
 
 	/* Process things. */

src/net.c

@@ -424,7 +424,7 @@ net_write(struct connection *c, size_t len, size_t *written)
 {
 	ssize_t		r;
 
-	r = write(c->fd, (c->snb->buf + c->snb->s_off), len);
+	r = send(c->fd, (c->snb->buf + c->snb->s_off), len, 0);
 	if (r == -1) {
 		switch (errno) {
 		case EINTR:
@@ -449,8 +449,8 @@ net_read(struct connection *c, size_t *bytes)
 {
 	ssize_t		r;
 
-	r = read(c->fd, (c->rnb->buf + c->rnb->s_off),
-	    (c->rnb->b_len - c->rnb->s_off));
+	r = recv(c->fd, (c->rnb->buf + c->rnb->s_off),
+	    (c->rnb->b_len - c->rnb->s_off), 0);
 	if (r == -1) {
 		switch (errno) {
 		case EINTR:

src/seccomp.c

@@ -76,8 +76,10 @@ static struct sock_filter filter_kore[] = {
 
 	/* Net related. */
 	KORE_SYSCALL_ALLOW(poll),
+	KORE_SYSCALL_ALLOW(sendto),
 	KORE_SYSCALL_ALLOW(accept),
 	KORE_SYSCALL_ALLOW(sendfile),
+	KORE_SYSCALL_ALLOW(recvfrom),
 	KORE_SYSCALL_ALLOW(epoll_ctl),
 	KORE_SYSCALL_ALLOW(setsockopt),
 	KORE_SYSCALL_ALLOW(epoll_wait),

src/tasks.c

@@ -279,7 +279,7 @@ task_channel_write(int fd, void *data, u_int32_t len)
 	d = data;
 	offset = 0;
 	while (offset != len) {
-		r = write(fd, d + offset, len - offset);
+		r = send(fd, d + offset, len - offset, 0);
 		if (r == -1 && errno == EINTR)
 			continue;
 		if (r == -1)