From c6582a8a11e7ad99e2f0a935dd42879b03875a31 Mon Sep 17 00:00:00 2001
From: Roy Marples <roy@marples.name>
Date: Mon, 21 Sep 2020 11:20:46 +0100
Subject: [PATCH] privsep: Allow __NR_mmap for seccomp

Some malloc implementations might use it rather than brk.
---
 src/privsep-linux.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/privsep-linux.c b/src/privsep-linux.c
index 3f0cb123..789c9d80 100644
--- a/src/privsep-linux.c
+++ b/src/privsep-linux.c
@@ -238,6 +238,9 @@ static struct sock_filter ps_seccomp_filter[] = {
 	/* SECCOMP BPF is newer than nl80211 so we don't need SIOCGIWESSID
 	 * which lives in the impossible to include linux/wireless.h header */
 #endif
+#ifdef __NR_mmap
+	SECCOMP_ALLOW(__NR_mmap),
+#endif
 #ifdef __NR_munmap
 	SECCOMP_ALLOW(__NR_munmap),
 #endif
-- 
2.47.2