security.c: allow 'statx' in seccomp sandbox (musl-1.1.24)v1.2.6

musl-1.1.24 starting from dfc81828f7ab41da08f744c "implement fstatat with SYS_statx, conditional on undersized kstat time" changed fstatat() to use statx(). This caused scanelf to crash under seccomp sandbox. The change whitelists 'statx' syscall. Bug: https://bugs.gentoo.org/717300 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
author: Sergei Trofimovich <slyfox@gentoo.org> 2020-04-13 11:36:13 +0100
committer: Sergei Trofimovich <slyfox@gentoo.org> 2020-04-13 11:36:13 +0100
commit: 686bd1cb140fa13652b4a0a209d616865b9265bc (patch)
tree: 8a5cd0bf12ba9c814e5d3a20a3b487bc0f5d814b
parent: Add RISC-V to the list of architectures in ELF (diff)
download: pax-utils-686bd1cb140fa13652b4a0a209d616865b9265bc.tar.gz
pax-utils-686bd1cb140fa13652b4a0a209d616865b9265bc.tar.bz2
pax-utils-686bd1cb140fa13652b4a0a209d616865b9265bc.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/security.c b/security.c
index c91e514..ab8a499 100644
--- a/security.c
+++ b/security.c
@@ -102,6 +102,7 @@ static void pax_seccomp_init(bool allow_forking)
 		SCMP_SYS(lstat64),
 		SCMP_SYS(stat),
 		SCMP_SYS(stat64),
+		SCMP_SYS(statx),
 
 		/* Then the fd close func.  */
 		SCMP_SYS(close),
author	Sergei Trofimovich <slyfox@gentoo.org>	2020-04-13 11:36:13 +0100
committer	Sergei Trofimovich <slyfox@gentoo.org>	2020-04-13 11:36:13 +0100
commit	686bd1cb140fa13652b4a0a209d616865b9265bc (patch)
tree	8a5cd0bf12ba9c814e5d3a20a3b487bc0f5d814b
parent	Add RISC-V to the list of architectures in ELF (diff)
download	pax-utils-686bd1cb140fa13652b4a0a209d616865b9265bc.tar.gz pax-utils-686bd1cb140fa13652b4a0a209d616865b9265bc.tar.bz2 pax-utils-686bd1cb140fa13652b4a0a209d616865b9265bc.zip