diff options
| author | Christos Zoulas <christos@zoulas.com> | 2021-04-06 22:02:17 +0000 |
|---|---|---|
| committer | Christos Zoulas <christos@zoulas.com> | 2021-04-06 22:02:17 +0000 |
| commit | abcd583135bb0762e6bfd0f2e06c50bea1fb3cd0 (patch) | |
| tree | 745edcefc2ea649667598050edde5b319f4d52d0 | |
| parent | 7cc6f66b9926944d2b8ffcd5f39aa8badc47bcd3 (diff) | |
| download | file-git-abcd583135bb0762e6bfd0f2e06c50bea1fb3cd0.tar.gz | |
On ARM64 Linux access() syscall is no longer a real syscall to the
kernel. Instead it's emulated by glibc with a new faccessat() syscall.
(Icenowy Zheng)
| -rw-r--r-- | src/seccomp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/seccomp.c b/src/seccomp.c index 0da907ff..81842cf5 100644 --- a/src/seccomp.c +++ b/src/seccomp.c @@ -27,7 +27,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: seccomp.c,v 1.18 2021/03/14 17:01:58 christos Exp $") +FILE_RCSID("@(#)$File: seccomp.c,v 1.19 2021/04/06 22:02:17 christos Exp $") #endif /* lint */ #if HAVE_LIBSECCOMP @@ -171,6 +171,9 @@ enable_sandbox_full(void) ALLOW_RULE(dup2); ALLOW_RULE(exit); ALLOW_RULE(exit_group); +#ifdef __NR_faccessat + ALLOW_RULE(faccessat); +#endif ALLOW_RULE(fcntl); ALLOW_RULE(fcntl64); ALLOW_RULE(fstat); |