[File] [PATCH] Fix seccomp on ARM64 Linux
Christos Zoulas
christos at zoulas.com
Tue Apr 6 22:02:34 UTC 2021
Applied, thanks!
christos
> On Apr 6, 2021, at 2:12 PM, Icenowy Zheng <icenowy at aosc.io> wrote:
>
> On ARM64 Linux access() syscall is no longer a real syscall to the
> kernel. Instead it's emulated by glibc with a new faccessat() syscall.
>
> faccessat() adds the functionality to do access permission check for a
> path relative to a file descriptor. As this seems to be not granting
> too much permission, add it to the whitelist of seccomp, to allow file
> command to run correctly on ARM64 Linux machines.
> ---
> src/seccomp.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/src/seccomp.c b/src/seccomp.c
> index 0da907ff..d812e262 100644
> --- a/src/seccomp.c
> +++ b/src/seccomp.c
> @@ -171,6 +171,9 @@ enable_sandbox_full(void)
> ALLOW_RULE(dup2);
> ALLOW_RULE(exit);
> ALLOW_RULE(exit_group);
> +#ifdef __NR_faccessat
> + ALLOW_RULE(faccessat);
> +#endif
> ALLOW_RULE(fcntl);
> ALLOW_RULE(fcntl64);
> ALLOW_RULE(fstat);
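Review bot: the added `#ifdef __NR_faccessat` block has no comment saying why faccessat is on the allowlist, so the reason (access() reaching the kernel as faccessat on ARM64) lives only in the commit message; a one-line comment above the guard would keep the list auditable. The rule names only the syscall, so it permits faccessat relative to any file descriptor and not just the form that stands in for access(), which is worth stating in that comment. Style point: neighbouring entries such as `ALLOW_RULE(fcntl64);` carry no `#ifdef`, so the guard here should either match them or be explained.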
> --
> 2.30.2