diff options
| author | Darren Tucker <dtucker@dtucker.net> | 2021-03-12 15:58:57 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2021-03-12 16:03:51 +1100 |
| commit | 0727dd09eca355e7539cbcb23b148fcee9b21513 (patch) | |
| tree | 1bd81f6368d0b2f630511e6627df56d1572be748 | |
| parent | 51155e52e94dc1847e695765c80b0c8e768b880e (diff) | |
Allow (but return EACCES) fstatat64 in sandbox.V_8_5
This is apparently used in some configurations of OpenSSL when glibc
has getrandom(). bz#3276, patch from Kris Karas, ok djm@
| -rw-r--r-- | sandbox-seccomp-filter.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index d8dc7120..7981c84a 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -154,6 +154,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_fstat64 SC_DENY(__NR_fstat64, EACCES), #endif +#ifdef __NR_fstatat64 + SC_DENY(__NR_fstatat64, EACCES), +#endif #ifdef __NR_open SC_DENY(__NR_open, EACCES), #endif |