From 0727dd09eca355e7539cbcb23b148fcee9b21513 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 12 Mar 2021 15:58:57 +1100 Subject: [PATCH] Allow (but return EACCES) fstatat64 in sandbox. This is apparently used in some configurations of OpenSSL when glibc has getrandom(). bz#3276, patch from Kris Karas, ok djm@ --- sandbox-seccomp-filter.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index d8dc7120b..7981c84ad 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -154,6 +154,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_fstat64 SC_DENY(__NR_fstat64, EACCES), #endif +#ifdef __NR_fstatat64 + SC_DENY(__NR_fstatat64, EACCES), +#endif #ifdef __NR_open SC_DENY(__NR_open, EACCES), #endif