commit: 10d0713996478d544853f08b18c09d4b73d52d58
Author: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 16 10:43:35 2020 +0000
Commit: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Sun Feb 16 10:43:35 2020 +0000
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=10d07139
security.c: allow 'semtimedop' in seccomp sandbox (glibc-2.31) glibc-2.31 switched semop() libc implementation from semop() to semtimedop() in https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=765cdd0bffd77960a ("sysvipc: Implement semop based on semtimedop") This caused pax-utils to fail under fakeroot as: ``` $ fakeroot scanelf -yqRBF '#k%F' -k '.symtab' /bin/bash .../usr/bin/fakeroot: line 178: 103268 Bad system call ... Program terminated with signal SIGSYS, Bad system call. 33 ../sysdeps/unix/sysv/linux/semtimedop.c: No such file or directory. (gdb) bt (gdb) ``` The change whitelists 'semtimedop' syscall. Reported-by: Patrick McLean Bug: https://bugs.gentoo.org/709794 Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org> security.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security.c b/security.c index 78e04d4..c91e514 100644 --- a/security.c +++ b/security.c @@ -162,6 +162,7 @@ static void pax_seccomp_init(bool allow_forking) SCMP_SYS(msgsnd), SCMP_SYS(semget), SCMP_SYS(semop), + SCMP_SYS(semtimedop), /* * Some targets like ppc and i386 implement the above * syscall as subcalls via ipc() syscall.
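Review bot: The new SCMP_SYS(semtimedop) entry in pax_seccomp_init() has no comment saying why it is allowed. This list is the sandbox whitelist, and the entry is there only because glibc-2.31 implements semop() through semtimedop() (seen under fakeroot), so a short comment beside it would keep a later cleanup from dropping it or reading it as a general requirement. The context comment right after it still says "the above syscall" in the singular; with semtimedop now directly above, please confirm the ipc() subcall fallback it describes also covers this call on ppc and i386, and adjust the wording to match.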
