commit: 353a328d1dc503bb2952f6c37b0fe6ad47fc5478 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> AuthorDate: Mon Oct 26 04:22:28 2015 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Mon Oct 26 04:22:28 2015 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=353a328d
security: whitelist the getcwd syscall This might be run by the sandbox. Reported-by: Markus Oehme <oehme.markus <AT> gmx.de> URL: https://bugs.gentoo.org/562206 security.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security.c b/security.c index 8776a80..ba74bee 100644 --- a/security.c +++ b/security.c @@ -131,6 +131,7 @@ static void pax_seccomp_init(bool allow_forking) /* Syscalls listed because of sandbox. */ SCMP_SYS(readlink), + SCMP_SYS(getcwd), /* Syscalls listed because of fakeroot. */ SCMP_SYS(msgget),