| 1 |
commit: 353a328d1dc503bb2952f6c37b0fe6ad47fc5478 |
| 2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Mon Oct 26 04:22:28 2015 +0000 |
| 4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Mon Oct 26 04:22:28 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=353a328d |
| 7 |
|
| 8 |
security: whitelist the getcwd syscall |
| 9 |
|
| 10 |
This might be run by the sandbox. |
| 11 |
|
| 12 |
Reported-by: Markus Oehme <oehme.markus <AT> gmx.de> |
| 13 |
URL: https://bugs.gentoo.org/562206 |
| 14 |
|
| 15 |
security.c | 1 + |
| 16 |
1 file changed, 1 insertion(+) |
| 17 |
|
| 18 |
diff --git a/security.c b/security.c |
| 19 |
index 8776a80..ba74bee 100644 |
| 20 |
--- a/security.c |
| 21 |
+++ b/security.c |
| 22 |
@@ -131,6 +131,7 @@ static void pax_seccomp_init(bool allow_forking) |
| 23 |
|
| 24 |
/* Syscalls listed because of sandbox. */ |
| 25 |
SCMP_SYS(readlink), |
| 26 |
+ SCMP_SYS(getcwd), |
| 27 |
|
| 28 |
/* Syscalls listed because of fakeroot. */ |
| 29 |
SCMP_SYS(msgget), |
Archives