commit: c39a557a2b53f6fea61117d9b0d90ea51a738d6b Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> AuthorDate: Wed Aug 26 06:27:27 2015 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Wed Aug 26 06:27:27 2015 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c39a557a
security: whitelist fakeroot syscalls Until we get a bit more dynamic here, whitelist the IPC syscalls that fakeroot uses since it is available via portage FEATURES. URL: https://bugs.gentoo.org/558482 security.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/security.c b/security.c index a62c798..1fa64a0 100644 --- a/security.c +++ b/security.c @@ -122,6 +122,13 @@ static void pax_seccomp_init(bool allow_forking) /* Syscalls listed because of sandbox. */ SCMP_SYS(readlink), + + /* Syscalls listed because of fakeroot. */ + SCMP_SYS(msgget), + SCMP_SYS(msgrcv), + SCMP_SYS(msgsnd), + SCMP_SYS(semget), + SCMP_SYS(semop), }; int fork_syscalls[] = { SCMP_SYS(clone),