commit: 686bd1cb140fa13652b4a0a209d616865b9265bc Author: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org> AuthorDate: Mon Apr 13 10:36:13 2020 +0000 Commit: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org> CommitDate: Mon Apr 13 10:36:13 2020 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=686bd1cb
security.c: allow 'statx' in seccomp sandbox (musl-1.1.24) musl-1.1.24 starting from dfc81828f7ab41da08f744c "implement fstatat with SYS_statx, conditional on undersized kstat time" changed fstatat() to use statx(). This caused scanelf to crash under seccomp sandbox. The change whitelists 'statx' syscall. Bug: https://bugs.gentoo.org/717300 Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org> security.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security.c b/security.c index c91e514..ab8a499 100644 --- a/security.c +++ b/security.c @@ -102,6 +102,7 @@ static void pax_seccomp_init(bool allow_forking) SCMP_SYS(lstat64), SCMP_SYS(stat), SCMP_SYS(stat64), + SCMP_SYS(statx), /* Then the fd close func. */ SCMP_SYS(close),
