commit | 6830592f5d006774ecc2f40120179a826803a099 | [log] [tgz] |
---|---|---|
author | Mike Frysinger <vapier@chromium.org> | Fri Mar 29 19:56:13 2019 |
committer | chrome-bot <chrome-bot@chromium.org> | Sat Mar 30 09:53:04 2019 |
tree | 5e8546934c33751b4712413f7d3fc0c478136f89 | |
parent | 529a9d08c5dc835e10416c65f9fda50c36ca81b5 [diff] |
seccomp: add fstatfs to the filter Since dash uses fstatfs now to check the source of files, allow it. BUG=chromium:569168 TEST=precq passes Change-Id: I5354843ed350a0ca95664f72316f317c276ea450 Reviewed-on: https://chromium-review.googlesource.com/1545546 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Ned Nguyen <nednguyen@google.com>
diff --git a/seccomp/mosys-seccomp-amd64.policy b/seccomp/mosys-seccomp-amd64.policy index 1de45ae..62093ae 100644 --- a/seccomp/mosys-seccomp-amd64.policy +++ b/seccomp/mosys-seccomp-amd64.policy
@@ -38,6 +38,7 @@ wait4: 1 write: 1 statfs: 1 +fstatfs: 1 fadvise64: 1 # Implicitly added when Minijail log_seccomp_filter_failures() is used
diff --git a/seccomp/mosys-seccomp-arm.policy b/seccomp/mosys-seccomp-arm.policy index afe3123..aecf161 100644 --- a/seccomp/mosys-seccomp-arm.policy +++ b/seccomp/mosys-seccomp-arm.policy
@@ -39,6 +39,7 @@ ftruncate: 1 pipe: 1 statfs: 1 +fstatfs: 1 prctl: 1 sigreturn: 1 arm_fadvise64_64: 1
diff --git a/seccomp/mosys-seccomp-arm64.policy b/seccomp/mosys-seccomp-arm64.policy index 032e1e7..d76ef30 100644 --- a/seccomp/mosys-seccomp-arm64.policy +++ b/seccomp/mosys-seccomp-arm64.policy
@@ -58,3 +58,4 @@ getdents64: 1 prctl: 1 statfs: 1 +fstatfs: 1