priv: also allow the use of openat for seccomp

author Vincent Bernat <vincent@bernat.im>

Thu, 16 Nov 2017 15:38:55 +0000 (16:38 +0100)

committer Vincent Bernat <vincent@bernat.im>

Thu, 16 Nov 2017 15:40:29 +0000 (16:40 +0100)
author Vincent Bernat <vincent@bernat.im>
Thu, 16 Nov 2017 15:38:55 +0000 (16:38 +0100)
committer Vincent Bernat <vincent@bernat.im>
Thu, 16 Nov 2017 15:40:29 +0000 (16:40 +0100)
diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c

index 7d911bc02eb70752e2224858aa02558bd8eb526d..fe48ad3eaf9f9541cf4316ec1cdf2c94d94092f2 100644 (file)
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -148,6 +148,7 @@ priv_seccomp_init(int remote, int child)
         if ((rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0)) < 0 || /* write needed for */
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0)) < 0 ||
+           (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill), 0)) < 0 ||
             (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0)) < 0 ||
author	Vincent Bernat <vincent@bernat.im>
	Thu, 16 Nov 2017 15:38:55 +0000 (16:38 +0100)
committer	Vincent Bernat <vincent@bernat.im>
	Thu, 16 Nov 2017 15:40:29 +0000 (16:40 +0100)