void-packages/srcpkgs/openbsd-file/patches/glibc.patch

28 lines
742 B
Diff

From 62ee6ab013285b8f6dce1f729d97a1c31abf5071 Mon Sep 17 00:00:00 2001
From: Bryan Steele <brynet@gmail.com>
Date: Tue, 3 Aug 2021 21:16:44 -0400
Subject: [PATCH] portable; Non-fatally deny newfstatat/statx(2) syscalls used
by newer glibc.
---
seccomp-sandbox.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/seccomp-sandbox.c b/seccomp-sandbox.c
index d65b813..03d70dd 100644
--- a/seccomp-sandbox.c
+++ b/seccomp-sandbox.c
@@ -132,6 +132,12 @@ static const struct sock_filter filt_insns[] = {
#ifdef __NR_openat
SC_DENY(__NR_openat, EACCES),
#endif
+#ifdef __NR_newfstatat
+ SC_DENY(__NR_newfstatat, EACCES),
+#endif
+#ifdef __NR_statx
+ SC_DENY(__NR_statx, EACCES),
+#endif
/* Syscalls to permit. */
#ifdef __NR_brk