passt: Allow exit_group() system call in seccomp profiles

We handle SIGQUIT and SIGTERM calling exit(), which is usually
implemented with the exit_group() system call.

If we don't allow exit_group(), we'll get a SIGSYS while handling
SIGQUIT and SIGTERM, which means a misleading non-zero exit code.

Reported-by: Wenli Quan <wquan@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2101990
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Makefile

@@ -115,7 +115,7 @@ qrap: $(QRAP_SRCS) passt.h
 
 valgrind: EXTRA_SYSCALLS="rt_sigprocmask rt_sigtimedwait rt_sigaction \
 			  getpid gettid kill clock_gettime mmap munmap open \
-			  unlink exit_group gettimeofday"
+			  unlink gettimeofday"
 valgrind: CFLAGS:=-g -O0 $(filter-out -O%,$(CFLAGS))
 valgrind: all
 

README.md

@@ -286,7 +286,7 @@ speeding up local connections, and usually requiring NAT. _pasta_:
 * ✅ all capabilities dropped, other than `CAP_NET_BIND_SERVICE` (if granted)
 * ✅ with default options, user, mount, IPC, UTS, PID namespaces are detached
 * ✅ no external dependencies (other than a standard C library)
-* ✅ restrictive seccomp profiles (25 syscalls allowed for _passt_, 39 for
+* ✅ restrictive seccomp profiles (26 syscalls allowed for _passt_, 40 for
   _pasta_ on x86_64)
 * ✅ examples of [AppArmor](/passt/tree/contrib/apparmor) and
   [SELinux](/passt/tree/contrib/selinux) profiles available

passt.c

@@ -257,6 +257,8 @@ static int sandbox(struct ctx *c)
  *
  * TODO: After unsharing the PID namespace and forking, SIG_DFL for SIGTERM and
  * SIGQUIT unexpectedly doesn't cause the process to terminate, figure out why.
+ *
+ * #syscalls exit_group
  */
 void exit_handler(int signal)
 {