1*4882a593SmuzhiyunFrom c6cdf0aee71ab4126d36b045f02428ee3c6ec50b Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Roy Marples <roy@marples.name> 3*4882a593SmuzhiyunDate: Fri, 26 Aug 2022 09:08:36 +0100 4*4882a593SmuzhiyunSubject: [PATCH 1/2] privsep: Allow getrandom sysctl for newer glibc 5*4882a593Smuzhiyun 6*4882a593SmuzhiyunFixes #120 7*4882a593Smuzhiyun 8*4882a593SmuzhiyunUpstream-Status: Backport [c6cdf0aee71ab4126d36b045f02428ee3c6ec50b] 9*4882a593SmuzhiyunSigned-off-by: Chen Qi <Qi.Chen@windriver.com> 10*4882a593Smuzhiyun--- 11*4882a593Smuzhiyun src/privsep-linux.c | 3 +++ 12*4882a593Smuzhiyun 1 file changed, 3 insertions(+) 13*4882a593Smuzhiyun 14*4882a593Smuzhiyundiff --git a/src/privsep-linux.c b/src/privsep-linux.c 15*4882a593Smuzhiyunindex b238644b..479a1d82 100644 16*4882a593Smuzhiyun--- a/src/privsep-linux.c 17*4882a593Smuzhiyun+++ b/src/privsep-linux.c 18*4882a593Smuzhiyun@@ -300,6 +300,9 @@ static struct sock_filter ps_seccomp_filter[] = { 19*4882a593Smuzhiyun #ifdef __NR_getpid 20*4882a593Smuzhiyun SECCOMP_ALLOW(__NR_getpid), 21*4882a593Smuzhiyun #endif 22*4882a593Smuzhiyun+#ifdef __NR_getrandom 23*4882a593Smuzhiyun+ SECCOMP_ALLOW(__NR_getrandom), 24*4882a593Smuzhiyun+#endif 25*4882a593Smuzhiyun #ifdef __NR_getsockopt 26*4882a593Smuzhiyun /* For route socket overflow */ 27*4882a593Smuzhiyun SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET), 28*4882a593Smuzhiyun-- 29*4882a593Smuzhiyun2.17.1 30*4882a593Smuzhiyun 31