ocserv/ocserv-1.1.1-socketwrapper.patch

diff --git a/src/worker-privs.c b/src/worker-privs.c
index ea503cd0..3d4d5fa4 100644
--- a/src/worker-privs.c
+++ b/src/worker-privs.c
@@ -166,6 +166,14 @@ int disable_system_calls(struct worker_st *ws)
 	ADD_SYSCALL(fstat, 0);
 	ADD_SYSCALL(lseek, 0);
 
+	/* if running under socketwrapper ensure we allow its calls */
+	if (getenv("SOCKET_WRAPPER_DIR") != NULL) {
+		ADD_SYSCALL(stat64, 0);
+		ADD_SYSCALL(readlink, 0);
+		ADD_SYSCALL(newfstatat, 0);
+		ADD_SYSCALL(mmap, 0);
+	}
+
 	ADD_SYSCALL(getsockopt, 0);
 	ADD_SYSCALL(setsockopt, 0);