Attachment #649898 for bug #730540

View | Details | Raw Unified | Return to bug 730540
Collapse All | Expand All




	ALLOW_RULE(rt_sigreturn);
	ALLOW_RULE(select);
	ALLOW_RULE(stat);
	ALLOW_RULE(statx);
	ALLOW_RULE(stat64);
	ALLOW_RULE(sysinfo);
	ALLOW_RULE(umask);	// Used in file_pipe2file()
	ALLOW_RULE(getpid);	// Used by glibc in file_pipe2file()
	ALLOW_RULE(unlink);
	ALLOW_RULE(write);
	ALLOW_RULE(writev);

	// needed by Gentoo's portage sandbox
	ALLOW_RULE(getcwd);

Return to bug 730540

Lines 220-231 enable_sandbox_full(void) Link Here

(-)file-5.39.orig/src/seccomp.c (+2 lines)
220	ALLOW_RULE(rt_sigreturn);	220	ALLOW_RULE(rt_sigreturn);
221	ALLOW_RULE(select);	221	ALLOW_RULE(select);
222	ALLOW_RULE(stat);	222	ALLOW_RULE(stat);
		223	ALLOW_RULE(statx);
223	ALLOW_RULE(stat64);	224	ALLOW_RULE(stat64);
224	ALLOW_RULE(sysinfo);	225	ALLOW_RULE(sysinfo);
225	ALLOW_RULE(umask); // Used in file_pipe2file()	226	ALLOW_RULE(umask); // Used in file_pipe2file()
226	ALLOW_RULE(getpid); // Used by glibc in file_pipe2file()	227	ALLOW_RULE(getpid); // Used by glibc in file_pipe2file()
227	ALLOW_RULE(unlink);	228	ALLOW_RULE(unlink);
228	ALLOW_RULE(write);	229	ALLOW_RULE(write);
		230	ALLOW_RULE(writev);
229		231
230	// needed by Gentoo's portage sandbox	232	// needed by Gentoo's portage sandbox
231	ALLOW_RULE(getcwd);	233	ALLOW_RULE(getcwd);