Package: rust-sniffglue / 0.8.2-4

sandbox-access.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -97,3 +97,3 @@ version = "0.8"
 [target."cfg(target_os=\"linux\")".dependencies.syscallz]
-version = "0.7"
+version = "0.8"
 [badges.travis-ci]
diff --git a/src/sandbox/seccomp.rs b/src/sandbox/seccomp.rs
index 95dfa67..e045bf4 100644
--- a/src/sandbox/seccomp.rs
+++ b/src/sandbox/seccomp.rs
@@ -106,6 +106,9 @@ pub fn activate_stage1() -> Result<(), syscallz::Error> {
     ctx.allow_syscall(Syscall::gettimeofday)?;
     ctx.allow_syscall(Syscall::brk)?;
     ctx.allow_syscall(Syscall::madvise)?;
+    #[cfg(not(target_arch = "aarch64"))]
+    ctx.allow_syscall(Syscall::access)?; // needed for debian /etc/ld.so.nohwcap
+    ctx.allow_syscall(Syscall::faccessat)?; // needed for debian /etc/ld.so.nohwcap
 
     ctx.load()?;