Skip to content

Commit

Permalink
Allow 64-bit version of fstat() syscall on Linux
Browse files Browse the repository at this point in the history 
On 32-bit architectures, glibc can't implement its fstat() function with
the fstat() syscall; it requires fstat64() instead. Add that syscall to
the seccomp whitelist, which should hopefully solve this issue:

  #14
  • Loading branch information
@eafer
eafer committed Jan 26, 2021
1 parent ec10091 commit ecda324
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/sandbox.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ static void do_start_sandbox(void)
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fstat), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fstat64), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mremap), 0);
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
Expand Down

0 comments on commit ecda324

Please sign in to comment.