1 |
commit: 4941a742dcd35d80d16fc96906cd022e03a3799b |
2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Mar 3 21:10:26 2016 +0000 |
4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Mar 3 21:10:26 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=4941a742 |
7 |
|
8 |
security: whitelist readlinkat |
9 |
|
10 |
Newer arches omit readlink entirely (like aarch64). |
11 |
|
12 |
Reported-by: Steev Klimaszewski <steev <AT> gentoo.org> |
13 |
|
14 |
security.c | 1 + |
15 |
1 file changed, 1 insertion(+) |
16 |
|
17 |
diff --git a/security.c b/security.c |
18 |
index b635ccf..8019860 100644 |
19 |
--- a/security.c |
20 |
+++ b/security.c |
21 |
@@ -136,6 +136,7 @@ static void pax_seccomp_init(bool allow_forking) |
22 |
|
23 |
/* Syscalls listed because of sandbox. */ |
24 |
SCMP_SYS(readlink), |
25 |
+ SCMP_SYS(readlinkat), |
26 |
SCMP_SYS(getcwd), |
27 |
|
28 |
/* Syscalls listed because of fakeroot. */ |