| Andrew Geissler | 517393d | 2023-01-13 08:55:19 -0600 | [diff] [blame] | 1 | From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001 |
| 2 | From: Roy Marples <roy@marples.name> |
| 3 | Date: Fri, 26 Aug 2022 09:24:50 +0100 |
| 4 | Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well |
| 5 | |
| 6 | Allows newer glibc variants to work apparently. |
| 7 | As reported in #84 and #89. |
| 8 | |
| 9 | Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c] |
| 10 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> |
| 11 | --- |
| 12 | src/privsep-linux.c | 3 +++ |
| 13 | 1 file changed, 3 insertions(+) |
| 14 | |
| 15 | diff --git a/src/privsep-linux.c b/src/privsep-linux.c |
| 16 | index 479a1d82..6327b1bc 100644 |
| 17 | --- a/src/privsep-linux.c |
| 18 | +++ b/src/privsep-linux.c |
| 19 | @@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = { |
| 20 | #ifdef __NR_nanosleep |
| 21 | SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */ |
| 22 | #endif |
| 23 | +#ifdef __NR_newfstatat |
| 24 | + SECCOMP_ALLOW(__NR_newfstatat), |
| 25 | +#endif |
| 26 | #ifdef __NR_ppoll |
| 27 | SECCOMP_ALLOW(__NR_ppoll), |
| 28 | #endif |
| 29 | -- |
| 30 | 2.17.1 |
| 31 | |