sys_linux: allow lstat and readlink in seccomp filter
These syscalls seem to be needed when gnutls is loading system trusted certificates due to p11-kit >= 0.23.21 getting the program name from /proc/self/exe.
This commit is contained in:
Miroslav Lichvar
parent
bd3b36865e
commit
9ca250755f
1 changed files with 3 additions and 0 deletions
|
|
@ -533,7 +533,10 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_SystemCallContext context)
|
|||
SCMP_SYS(getdents),
|
||||
SCMP_SYS(getdents64),
|
||||
SCMP_SYS(lseek),
|
||||
SCMP_SYS(lstat),
|
||||
SCMP_SYS(lstat64),
|
||||
SCMP_SYS(newfstatat),
|
||||
SCMP_SYS(readlink),
|
||||
SCMP_SYS(rename),
|
||||
SCMP_SYS(renameat),
|
||||
SCMP_SYS(renameat2),
|
||||
|
|
|
|||
Loading…
Reference in a new issue