fix: add ioctl to SystemCallFilter

Apparently Java needs this to read data from a socket, but only in some
circumstances (Felix says only HTTP domain check was broken, HTTPS check
worked fine).

Change-Id: Ia1b54ef364b282631b44a8313570dafae6b8c5d4

diff --git a/debian/gigi-proxy.service.d/SystemCallFilter.conf b/debian/gigi-proxy.service.d/SystemCallFilter.conf
index e0a692c41f6300072bc1526e318f9beea1c78950..749131e1677780a86bcb9202421c446f360ca005 100644 (file)
--- a/debian/gigi-proxy.service.d/SystemCallFilter.conf
+++ b/debian/gigi-proxy.service.d/SystemCallFilter.conf
@@ -6,7 +6,7 @@ SystemCallFilter=@basic-io
 # @file-system (systemd commit 1a1b13c957, not in any release yet)
 SystemCallFilter=open close stat stat64 fstat fstat64 lstat lstat64 creat mkdir getdents getdents64 getcwd access fcntl fcntl64 mmap munmap readlink
 # event loop (is there data on a socket?)
-SystemCallFilter=@io-event
+SystemCallFilter=@io-event ioctl
 # network connections
 SystemCallFilter=@network-io
 # JIT code generation