Allow (but return EACCES) fstatat64 in sandbox.

This is apparently used in some configurations of OpenSSL when glibc
has getrandom().  bz#3276, patch from Kris Karas, ok djm@
This commit is contained in:
Darren Tucker 2021-03-12 15:58:57 +11:00
parent 1cd67ee15c
commit 82fef71e20
1 changed files with 3 additions and 0 deletions

View File

@ -154,6 +154,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_fstat64
SC_DENY(__NR_fstat64, EACCES),
#endif
#ifdef __NR_fstatat64
SC_DENY(__NR_fstatat64, EACCES),
#endif
#ifdef __NR_open
SC_DENY(__NR_open, EACCES),
#endif