Commit 070eda5a authored by Nick Mathewson's avatar Nick Mathewson 🥔
Browse files

Add the poll() syscall as permitted by the sandbox 

Apparently, sometimes getpwnam will call this.

Fixes bug 25513.
parent 3370b3cf

changes/feature25313

0 → 100644
+4 −0
Original line number Diff line number Diff line 
  o Minor features (sandbox):

    - Explicitly permit the poll() system call when the Linux seccomp2-based

      sandbox is enabled: apparently, some versions of libc use poll() when

      calling getpwnam(). Closes ticket 25313.

src/common/sandbox.c

+2 −1
Original line number Diff line number Diff line
@@ -247,7 +247,8 @@ static int filter_nopar_gen[] = { 
    SCMP_SYS(recvmsg),

    SCMP_SYS(recvfrom),

    SCMP_SYS(sendto),

    SCMP_SYS(unlink)

    SCMP_SYS(unlink),

    SCMP_SYS(poll)

};



/* These macros help avoid the error where the number of filters we add on a