security.c: allow faccessat2 syscall in seccomt filters

Under glibc-2.33 sandox uses faccessat2 to stat symlinks. Reported-by: Cănărău Constantin Bug: https://bugs.gentoo.org/768435 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
author: Sergei Trofimovich <slyfox@gentoo.org> 2021-02-03 19:44:37 +0000
committer: Sergei Trofimovich <slyfox@gentoo.org> 2021-02-03 19:44:37 +0000
commit: e2378b8c6bef5d94805444797e7fe35c07f54783 (patch)
tree: 077fb80850c7818b51cfe9e3933ba61f42233088 /security.c
parent: scanmacho: add support for dumping UUIDs (diff)
download: pax-utils-e2378b8c6bef5d94805444797e7fe35c07f54783.tar.gz
pax-utils-e2378b8c6bef5d94805444797e7fe35c07f54783.tar.bz2
pax-utils-e2378b8c6bef5d94805444797e7fe35c07f54783.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/security.c b/security.c
index ab8a499..8315023 100644
--- a/security.c
+++ b/security.c
@@ -156,6 +156,7 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(readlink),
 		SCMP_SYS(readlinkat),
 		SCMP_SYS(getcwd),
+		SCMP_SYS(faccessat2),
 
 		/* Syscalls listed because of fakeroot.  */
 		SCMP_SYS(msgget),
author	Sergei Trofimovich <slyfox@gentoo.org>	2021-02-03 19:44:37 +0000
committer	Sergei Trofimovich <slyfox@gentoo.org>	2021-02-03 19:44:37 +0000
commit	e2378b8c6bef5d94805444797e7fe35c07f54783 (patch)
tree	077fb80850c7818b51cfe9e3933ba61f42233088 /security.c
parent	scanmacho: add support for dumping UUIDs (diff)
download	pax-utils-e2378b8c6bef5d94805444797e7fe35c07f54783.tar.gz pax-utils-e2378b8c6bef5d94805444797e7fe35c07f54783.tar.bz2 pax-utils-e2378b8c6bef5d94805444797e7fe35c07f54783.zip