Add getpid() to the seccomp2 sandbox.

We hadn't needed this before, because most getpid() callers on Linux
were looking at the vDSO version of getpid().  I don't know why at
least one version of OpenSSL seems to be ignoring the vDSO, but this
change should fix it.

Fixes bug 21943; bugfix on 0.2.5.1-alpha when the sandbox was
introduced.

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index ebc843e130e5ccdd569366d444d72cd5f1194e50..95c9f83b8da4c01128b5b5f870d2d2df45fb2a4d 100644 (file)
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -155,6 +155,7 @@ static int filter_nopar_gen[] = {
 #ifdef __NR_getgid32
     SCMP_SYS(getgid32),
 #endif
+    SCMP_SYS(getpid),
 #ifdef __NR_getrlimit
     SCMP_SYS(getrlimit),
 #endif