From 3c57b08ca0d0e276c8ae93c9e0984ad60bd2ff69 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyfox@gentoo.org>
Date: Wed, 3 Feb 2021 20:40:12 +0000
Subject: security.c: allow faccessat2 syscall in seccomt filters (take 2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Under glibc-2.33 sandox uses faccessat2 to stat symlinks.

Unfortunately libseccomp does not yet provide syscall definition
for faccessat2. Define it locally.

Reported-by: Cănărău Constantin
Bug: https://bugs.gentoo.org/768435
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
---
 security.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security.c b/security.c
index ab8a499..802e586 100644
--- a/security.c
+++ b/security.c
@@ -156,6 +156,11 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(readlink),
 		SCMP_SYS(readlinkat),
 		SCMP_SYS(getcwd),
+		#ifndef __SNR_faccessat2
+		/* faccessat2 is not yet defiled in latest libseccomp-2.5.1 */
+		#    define __SNR_faccessat2 __NR_faccessat2
+		#endif
+		SCMP_SYS(faccessat2),
 
 		/* Syscalls listed because of fakeroot.  */
 		SCMP_SYS(msgget),
-- 
cgit v1.2.3-65-gdbad