seccomp: add fstatfs to the filter

Since dash uses fstatfs now to check the source of files, allow it.

BUG=chromium:569168
TEST=precq passes

Change-Id: I5354843ed350a0ca95664f72316f317c276ea450
Reviewed-on: https://chromium-review.googlesource.com/1545546
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Ned Nguyen <nednguyen@google.com>
diff --git a/seccomp/mosys-seccomp-amd64.policy b/seccomp/mosys-seccomp-amd64.policy
index 1de45ae..62093ae 100644
--- a/seccomp/mosys-seccomp-amd64.policy
+++ b/seccomp/mosys-seccomp-amd64.policy
@@ -38,6 +38,7 @@
 wait4: 1
 write: 1
 statfs: 1
+fstatfs: 1
 fadvise64: 1
 
 # Implicitly added when Minijail log_seccomp_filter_failures() is used
diff --git a/seccomp/mosys-seccomp-arm.policy b/seccomp/mosys-seccomp-arm.policy
index afe3123..aecf161 100644
--- a/seccomp/mosys-seccomp-arm.policy
+++ b/seccomp/mosys-seccomp-arm.policy
@@ -39,6 +39,7 @@
 ftruncate: 1
 pipe: 1
 statfs: 1
+fstatfs: 1
 prctl: 1
 sigreturn: 1
 arm_fadvise64_64: 1
diff --git a/seccomp/mosys-seccomp-arm64.policy b/seccomp/mosys-seccomp-arm64.policy
index 032e1e7..d76ef30 100644
--- a/seccomp/mosys-seccomp-arm64.policy
+++ b/seccomp/mosys-seccomp-arm64.policy
@@ -58,3 +58,4 @@
 getdents64: 1
 prctl: 1
 statfs: 1
+fstatfs: 1