summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@dtucker.net>2021-03-12 15:58:57 +1100
committerDarren Tucker <dtucker@dtucker.net>2021-03-12 16:03:51 +1100
commit0727dd09eca355e7539cbcb23b148fcee9b21513 (patch)
tree1bd81f6368d0b2f630511e6627df56d1572be748
parent51155e52e94dc1847e695765c80b0c8e768b880e (diff)
Allow (but return EACCES) fstatat64 in sandbox.V_8_5
This is apparently used in some configurations of OpenSSL when glibc has getrandom(). bz#3276, patch from Kris Karas, ok djm@
-rw-r--r--sandbox-seccomp-filter.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index d8dc7120..7981c84a 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -154,6 +154,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_fstat64
SC_DENY(__NR_fstat64, EACCES),
#endif
+#ifdef __NR_fstatat64
+ SC_DENY(__NR_fstatat64, EACCES),
+#endif
#ifdef __NR_open
SC_DENY(__NR_open, EACCES),
#endif