Allow unlinkat() in the seccomp2 sandbox

Closes ticket 33346.
This commit is contained in:
Nick Mathewson 2020-02-26 15:17:12 -05:00
parent b9c7c61ea5
commit c81cb588db
2 changed files with 6 additions and 0 deletions

3
changes/ticket33346 Normal file
View File

@ -0,0 +1,3 @@
o Minor features (linux seccomp2 sandbox):
- Permit the unlinkat() syscall, which some Libc implementations
use to implement unlink(). Closes ticket 33346.

View File

@ -269,6 +269,9 @@ static int filter_nopar_gen[] = {
SCMP_SYS(recvfrom), SCMP_SYS(recvfrom),
SCMP_SYS(sendto), SCMP_SYS(sendto),
SCMP_SYS(unlink), SCMP_SYS(unlink),
#ifdef __NR_unlinkat
SCMP_SYS(unlinkat),
#endif
SCMP_SYS(poll) SCMP_SYS(poll)
}; };