Allow (but return EACCES) fstatat64 in sandbox.

This is apparently used in some configurations of OpenSSL when glibc has getrandom(). bz#3276, patch from Kris Karas, ok djm@
2025-01-03 08:12:05 +00:00 · 2021-03-12 15:58:57 +11:00 · 2021-03-12 15:58:57 +11:00 · 82fef71e20
commit 82fef71e20
parent 1cd67ee15c
1 changed files with 3 additions and 0 deletions
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@ -154,6 +154,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_fstat64
 	SC_DENY(__NR_fstat64, EACCES),
 #endif
+#ifdef __NR_fstatat64
+	SC_DENY(__NR_fstatat64, EACCES),
+#endif
 #ifdef __NR_open
 	SC_DENY(__NR_open, EACCES),
 #endif