Allow mmap2() again

The previous patch allowed mmap(), because it may be needed by malloc(). It makes sense to allow mmap2() as well.
eafer · May 30, 2021 · 444ce3d · 444ce3d
1 parent 8a8868b
commit 444ce3d
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/sandbox.c b/src/sandbox.c
@@ -42,6 +42,7 @@ static void do_start_sandbox(void)
 	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
 	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
 	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);
+	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 0);
 	fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
 
 	fail |= seccomp_load(ctx);