From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E48CF1382C5 for ; Wed, 3 Feb 2021 20:41:24 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2CDADE0867; Wed, 3 Feb 2021 20:41:24 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 146FEE0867 for ; Wed, 3 Feb 2021 20:41:24 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 17EB8340DA0 for ; Wed, 3 Feb 2021 20:41:23 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 8EF8F48B for ; Wed, 3 Feb 2021 20:41:21 +0000 (UTC) From: "Sergei Trofimovich" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sergei Trofimovich" Message-ID: <1612384812.3c57b08ca0d0e276c8ae93c9e0984ad60bd2ff69.slyfox@gentoo> Subject: [gentoo-commits] proj/pax-utils:master commit in: / X-VCS-Repository: proj/pax-utils X-VCS-Files: security.c X-VCS-Directories: / X-VCS-Committer: slyfox X-VCS-Committer-Name: Sergei Trofimovich X-VCS-Revision: 3c57b08ca0d0e276c8ae93c9e0984ad60bd2ff69 X-VCS-Branch: master Date: Wed, 3 Feb 2021 20:41:21 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: e67689e7-78b0-4a6e-a0b2-2c1be98e8c97 X-Archives-Hash: 85a362effd5cd5599009b9456cb72625 commit: 3c57b08ca0d0e276c8ae93c9e0984ad60bd2ff69 Author: Sergei Trofimovich gentoo org> AuthorDate: Wed Feb 3 20:40:12 2021 +0000 Commit: Sergei Trofimovich gentoo org> CommitDate: Wed Feb 3 20:40:12 2021 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=3c57b08c security.c: allow faccessat2 syscall in seccomt filters (take 2) Under glibc-2.33 sandox uses faccessat2 to stat symlinks. Unfortunately libseccomp does not yet provide syscall definition for faccessat2. Define it locally. Reported-by: Cănărău Constantin Bug: https://bugs.gentoo.org/768435 Signed-off-by: Sergei Trofimovich gentoo.org> security.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security.c b/security.c index ab8a499..802e586 100644 --- a/security.c +++ b/security.c @@ -156,6 +156,11 @@ static void pax_seccomp_init(bool allow_forking) SCMP_SYS(readlink), SCMP_SYS(readlinkat), SCMP_SYS(getcwd), + #ifndef __SNR_faccessat2 + /* faccessat2 is not yet defiled in latest libseccomp-2.5.1 */ + # define __SNR_faccessat2 __NR_faccessat2 + #endif + SCMP_SYS(faccessat2), /* Syscalls listed because of fakeroot. */ SCMP_SYS(msgget),