security.c: allow faccessat2 syscall in seccomt filters (take 2)v1.2.9

Under glibc-2.33 sandox uses faccessat2 to stat symlinks. Unfortunately libseccomp does not yet provide syscall definition for faccessat2. Define it locally. Reported-by: Cănărău Constantin Bug: https://bugs.gentoo.org/768435 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
author: Sergei Trofimovich <slyfox@gentoo.org> 2021-02-03 20:40:12 +0000
committer: Sergei Trofimovich <slyfox@gentoo.org> 2021-02-03 20:40:12 +0000
commit: 3c57b08ca0d0e276c8ae93c9e0984ad60bd2ff69 (patch)
tree: 4835fc9081a4359f031112dc129114a4ef3a4d1d
parent: Revert "security.c: allow faccessat2 syscall in seccomt filters" (diff)
download: pax-utils-1.2.9.tar.gz
pax-utils-1.2.9.tar.bz2
pax-utils-1.2.9.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/security.c b/security.c
index ab8a499..802e586 100644
--- a/security.c
+++ b/security.c
@@ -156,6 +156,11 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(readlink),
 		SCMP_SYS(readlinkat),
 		SCMP_SYS(getcwd),
+		#ifndef __SNR_faccessat2
+		/* faccessat2 is not yet defiled in latest libseccomp-2.5.1 */
+		#    define __SNR_faccessat2 __NR_faccessat2
+		#endif
+		SCMP_SYS(faccessat2),
 
 		/* Syscalls listed because of fakeroot.  */
 		SCMP_SYS(msgget),
author	Sergei Trofimovich <slyfox@gentoo.org>	2021-02-03 20:40:12 +0000
committer	Sergei Trofimovich <slyfox@gentoo.org>	2021-02-03 20:40:12 +0000
commit	3c57b08ca0d0e276c8ae93c9e0984ad60bd2ff69 (patch)
tree	4835fc9081a4359f031112dc129114a4ef3a4d1d
parent	Revert "security.c: allow faccessat2 syscall in seccomt filters" (diff)
download	pax-utils-1.2.9.tar.gz pax-utils-1.2.9.tar.bz2 pax-utils-1.2.9.zip