handle futex_time64 properly in seccomp sandbox
authorDamien Miller <djm@mindrot.org>
Mon, 18 Aug 2025 03:44:53 +0000 (13:44 +1000)
committerDamien Miller <djm@mindrot.org>
Mon, 18 Aug 2025 03:44:53 +0000 (13:44 +1000)
Previously we only allowed __NR_futex, but some 32-bit systems
apparently support __NR_futex_time64. We had support for this
in the sandbox, but because of a macro error only __NR_futex was
allowlisted.

ok dtucker@

sandbox-seccomp-filter.c

index b31062c2b56cc51bb80c75dabc87839b25e9c608..827cb61ee696b37f4a1e599cfab294c8dc222a45 100644 (file)
 
 /* Use this for both __NR_futex and __NR_futex_time64 */
 # define SC_FUTEX(_nr) \
-       SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAIT), \
-       SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAIT_BITSET), \
-       SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAKE), \
-       SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAKE_BITSET), \
-       SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_REQUEUE), \
-       SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_CMP_REQUEUE)
+       SC_ALLOW_FUTEX_OP(_nr, FUTEX_WAIT), \
+       SC_ALLOW_FUTEX_OP(_nr, FUTEX_WAIT_BITSET), \
+       SC_ALLOW_FUTEX_OP(_nr, FUTEX_WAKE), \
+       SC_ALLOW_FUTEX_OP(_nr, FUTEX_WAKE_BITSET), \
+       SC_ALLOW_FUTEX_OP(_nr, FUTEX_REQUEUE), \
+       SC_ALLOW_FUTEX_OP(_nr, FUTEX_CMP_REQUEUE)
 #endif /* __NR_futex || __NR_futex_time64 */
 
 #if defined(__NR_mmap) || defined(__NR_mmap2)
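Review bot: Nothing in this hunk guards against the same mistake recurring: an unused macro parameter compiles without any warning, so a literal `__NR_futex` in any `SC_FUTEX` entry silently drops the other syscall from the allowlist. I would extend the comment above the macro to say so, e.g. `/* Use this for both __NR_futex and __NR_futex_time64; every entry must take _nr, never a literal syscall number */`. The fix only takes effect where the filter table expands `SC_FUTEX(__NR_futex_time64)`, and that call site, like the opening `#if` of this block, lies outside the hunk, so it should be confirmed to sit under its own `#ifdef __NR_futex_time64`. Because the symptom is presumably only the sandboxed process being stopped by the filter at run time, a regression run on a 32-bit time64 target is the check that would catch this class of error.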