Diffstat (limited to 'lib-src')
-rw-r--r--lib-src/seccomp-filter.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index 041bf5c749b..e45aa0c17f6 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -206,6 +206,9 @@ main (int argc, char **argv)
SCMP_A2_32 (SCMP_CMP_MASKED_EQ,
~(PROT_NONE | PROT_READ | PROT_WRITE), 0));
+ /* Allow restartable sequences. The dynamic linker uses them. */
+ RULE (SCMP_ACT_ALLOW, SCMP_SYS (rseq));
+
/* Futexes are used everywhere. */
RULE (SCMP_ACT_ALLOW, SCMP_SYS (futex),
SCMP_A1_32 (SCMP_CMP_EQ, FUTEX_WAKE_PRIVATE));
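Review bot: The added `rseq` rule is an unconditional allow, and its comment does not say whether the sandboxed process needs the registration to succeed or only needs the call not to be fatal. As far as I know, glibc treats a failed rseq registration as non-fatal and carries on without it. If that holds for the supported glibc versions, `RULE (SCMP_ACT_ERRNO (ENOSYS), SCMP_SYS (rseq));` would keep this kernel interface out of the sandbox, assuming RULE accepts a non-ALLOW action. If the allow is kept, the comment should name the glibc version that started issuing the call and state that no argument filtering is intended. The body of main continues outside the hunk.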
@@ -324,6 +327,8 @@ main (int argc, char **argv)
| CLONE_SETTLS | CLONE_PARENT_SETTID
| CLONE_CHILD_CLEARTID),
0));
+ /* glibc 2.34+ pthread_create uses clone3. */
+ RULE (SCMP_ACT_ALLOW, SCMP_SYS (clone3));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (sigaltstack));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (set_robust_list));
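Review bot: The new `clone3` rule allows the syscall with no argument constraints, which sidesteps the flag mask that the `clone` rule just above it applies. clone3 passes its flags inside a struct referenced by pointer, and a seccomp BPF filter cannot read through pointers, so the flags cannot be checked here the way they are for clone. If the intent is to permit thread creation only, the usual alternative is `RULE (SCMP_ACT_ERRNO (ENOSYS), SCMP_SYS (clone3));`, since glibc's pthread_create falls back to clone when clone3 reports ENOSYS and the existing mask then still applies. This assumes RULE accepts a non-ALLOW action. The start of the clone rule and the rest of main are outside the hunk.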