1From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001 2From: Roy Marples <roy@marples.name> 3Date: Fri, 26 Aug 2022 09:24:50 +0100 4Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well 5 6Allows newer glibc variants to work apparently. 7As reported in #84 and #89. 8 9Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c] 10Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 11--- 12 src/privsep-linux.c | 3 +++ 13 1 file changed, 3 insertions(+) 14 15diff --git a/src/privsep-linux.c b/src/privsep-linux.c 16index 479a1d82..6327b1bc 100644 17--- a/src/privsep-linux.c 18+++ b/src/privsep-linux.c 19@@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = { 20 #ifdef __NR_nanosleep 21 SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */ 22 #endif 23+#ifdef __NR_newfstatat 24+ SECCOMP_ALLOW(__NR_newfstatat), 25+#endif 26 #ifdef __NR_ppoll 27 SECCOMP_ALLOW(__NR_ppoll), 28 #endif 29-- 302.17.1 31 32