1*4882a593SmuzhiyunFrom 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Roy Marples <roy@marples.name> 3*4882a593SmuzhiyunDate: Fri, 26 Aug 2022 09:24:50 +0100 4*4882a593SmuzhiyunSubject: [PATCH 2/2] privsep: Allow newfstatat syscall as well 5*4882a593Smuzhiyun 6*4882a593SmuzhiyunAllows newer glibc variants to work apparently. 7*4882a593SmuzhiyunAs reported in #84 and #89. 8*4882a593Smuzhiyun 9*4882a593SmuzhiyunUpstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c] 10*4882a593SmuzhiyunSigned-off-by: Chen Qi <Qi.Chen@windriver.com> 11*4882a593Smuzhiyun--- 12*4882a593Smuzhiyun src/privsep-linux.c | 3 +++ 13*4882a593Smuzhiyun 1 file changed, 3 insertions(+) 14*4882a593Smuzhiyun 15*4882a593Smuzhiyundiff --git a/src/privsep-linux.c b/src/privsep-linux.c 16*4882a593Smuzhiyunindex 479a1d82..6327b1bc 100644 17*4882a593Smuzhiyun--- a/src/privsep-linux.c 18*4882a593Smuzhiyun+++ b/src/privsep-linux.c 19*4882a593Smuzhiyun@@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = { 20*4882a593Smuzhiyun #ifdef __NR_nanosleep 21*4882a593Smuzhiyun SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */ 22*4882a593Smuzhiyun #endif 23*4882a593Smuzhiyun+#ifdef __NR_newfstatat 24*4882a593Smuzhiyun+ SECCOMP_ALLOW(__NR_newfstatat), 25*4882a593Smuzhiyun+#endif 26*4882a593Smuzhiyun #ifdef __NR_ppoll 27*4882a593Smuzhiyun SECCOMP_ALLOW(__NR_ppoll), 28*4882a593Smuzhiyun #endif 29*4882a593Smuzhiyun-- 30*4882a593Smuzhiyun2.17.1 31*4882a593Smuzhiyun 32