blob: f9e715cc366f1c0b0560a28899e908fc23b90f80 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Allow syscalls for Gentoo's portage sandbox
- Add getcwd (bug #728978)
- Add faccessat2 (bug #889046)
Bug: https://bugs.gentoo.org/728978
Bug: https://bugs.gentoo.org/889046
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -174,6 +174,9 @@ enable_sandbox_full(void)
ALLOW_RULE(exit_group);
#ifdef __NR_faccessat
ALLOW_RULE(faccessat);
+#endif
+#ifdef __NR_faccessat2
+ ALLOW_RULE(faccessat2);
#endif
ALLOW_RULE(fcntl);
ALLOW_RULE(fcntl64);
@@ -237,6 +240,8 @@ enable_sandbox_full(void)
ALLOW_RULE(write);
ALLOW_RULE(writev);
+ // needed by Gentoo's portage sandbox
+ ALLOW_RULE(getcwd);
#if 0
// needed by valgrind
|
