| 1 |
commit: 4941a742dcd35d80d16fc96906cd022e03a3799b |
| 2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Mar 3 21:10:26 2016 +0000 |
| 4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Mar 3 21:10:26 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=4941a742 |
| 7 |
|
| 8 |
security: whitelist readlinkat |
| 9 |
|
| 10 |
Newer arches omit readlink entirely (like aarch64). |
| 11 |
|
| 12 |
Reported-by: Steev Klimaszewski <steev <AT> gentoo.org> |
| 13 |
|
| 14 |
security.c | 1 + |
| 15 |
1 file changed, 1 insertion(+) |
| 16 |
|
| 17 |
diff --git a/security.c b/security.c |
| 18 |
index b635ccf..8019860 100644 |
| 19 |
--- a/security.c |
| 20 |
+++ b/security.c |
| 21 |
@@ -136,6 +136,7 @@ static void pax_seccomp_init(bool allow_forking) |
| 22 |
|
| 23 |
/* Syscalls listed because of sandbox. */ |
| 24 |
SCMP_SYS(readlink), |
| 25 |
+ SCMP_SYS(readlinkat), |
| 26 |
SCMP_SYS(getcwd), |
| 27 |
|
| 28 |
/* Syscalls listed because of fakeroot. */ |
Archives