commit: 3c57b08ca0d0e276c8ae93c9e0984ad60bd2ff69 Author: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org> AuthorDate: Wed Feb 3 20:40:12 2021 +0000 Commit: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org> CommitDate: Wed Feb 3 20:40:12 2021 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=3c57b08c
security.c: allow faccessat2 syscall in seccomt filters (take 2) Under glibc-2.33 sandox uses faccessat2 to stat symlinks. Unfortunately libseccomp does not yet provide syscall definition for faccessat2. Define it locally. Reported-by: Cănărău Constantin Bug: https://bugs.gentoo.org/768435 Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org> security.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security.c b/security.c index ab8a499..802e586 100644 --- a/security.c +++ b/security.c @@ -156,6 +156,11 @@ static void pax_seccomp_init(bool allow_forking) SCMP_SYS(readlink), SCMP_SYS(readlinkat), SCMP_SYS(getcwd), + #ifndef __SNR_faccessat2 + /* faccessat2 is not yet defiled in latest libseccomp-2.5.1 */ + # define __SNR_faccessat2 __NR_faccessat2 + #endif + SCMP_SYS(faccessat2), /* Syscalls listed because of fakeroot. */ SCMP_SYS(msgget),
