From f2c75cdc8b22bf8061735172a33aef1bc2c14148 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Sat, 19 Aug 2017 20:08:53 +0200
Subject: fix simple-scan (seccomp, netlink)

fix for broken device discovery.
---
 etc/simple-scan.profile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
index 05ed9f813..de43f2a56 100644
--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -20,9 +20,11 @@ nonewprivs
 noroot
 nosound
 notv
-protocol unix,inet,inet6
+novideo
+protocol unix,inet,inet6,netlink
+# simple-scan makes ioperm system calls, which are blacklisted by default.
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
-# seccomp
 tracelog
 
 # private-bin simple-scan
-- 
cgit v1.2.3-54-g00ecf