| From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001 |
| From: Roy Marples <roy@marples.name> |
| Date: Fri, 26 Aug 2022 09:24:50 +0100 |
| Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well |
| |
| Allows newer glibc variants to work apparently. |
| As reported in #84 and #89. |
| |
| Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c] |
| Signed-off-by: Chen Qi <Qi.Chen@windriver.com> |
| --- |
| src/privsep-linux.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| diff --git a/src/privsep-linux.c b/src/privsep-linux.c |
| index 479a1d82..6327b1bc 100644 |
| --- a/src/privsep-linux.c |
| +++ b/src/privsep-linux.c |
| @@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = { |
| #ifdef __NR_nanosleep |
| SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */ |
| #endif |
| +#ifdef __NR_newfstatat |
| + SECCOMP_ALLOW(__NR_newfstatat), |
| +#endif |
| #ifdef __NR_ppoll |
| SECCOMP_ALLOW(__NR_ppoll), |
| #endif |
| -- |
| 2.17.1 |
| |