[seccomp] Whitelist rseq syscall

Used by glibc 2.35 and later.
2024-11-22 05:20:05 +00:00 · 2022-11-15 02:30:20 +01:00 · 2022-11-15 02:30:20 +01:00 · b1eea6d4fe
commit b1eea6d4fe
parent f126b88781
1 changed files with 3 additions and 0 deletions
--- a/src/sandbox/seccomp.cpp
+++ b/src/sandbox/seccomp.cpp
@ -195,6 +195,9 @@ static sock_filter filter[] = {
    ALLOW_SYSCALL(exit_group),
    ALLOW_SYSCALL(rt_sigprocmask), // musl-libc
    ALLOW_SYSCALL(clock_nanosleep), // gets called very rarely
 #ifdef __NR_rseq
    ALLOW_SYSCALL(rseq),
 #endif
    // to crash properly on SIGSEGV
    DENY_SYSCALL_ERRNO(tgkill, EPERM),