sandbox: Allow getrandom, used by Hardened Malloc

Fixes Savannah bug #56767. * lib/sandbox.c (make_seccomp_filter): Allow getrandom. * NEWS: Document this.
author: Colin Watson <cjwatson@debian.org> 2019-08-21 14:30:42 +0100
committer: Colin Watson <cjwatson@debian.org> 2019-08-21 14:30:42 +0100
commit: 0951f82c611c4a3c14271b0fa9c4919c84b7afe7 (patch)
tree: 978cfc97f75348a72b3fe007de3013a214f757c0 /lib
parent: ddc812e160e41871be0d80d8ab43ff8dfa48bb7a (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/sandbox.c b/lib/sandbox.c
index cabe70ff..596805ab 100644
--- a/lib/sandbox.c
+++ b/lib/sandbox.c
@@ -488,6 +488,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
 	SC_ALLOW ("brk");
 	SC_ALLOW ("fadvise64");
 	SC_ALLOW ("fadvise64_64");
+	SC_ALLOW ("getrandom");
 	if (permissive)
 		SC_ALLOW ("ioctl");
 	else {
author	Colin Watson <cjwatson@debian.org>	2019-08-21 14:30:42 +0100
committer	Colin Watson <cjwatson@debian.org>	2019-08-21 14:30:42 +0100
commit	0951f82c611c4a3c14271b0fa9c4919c84b7afe7 (patch)
tree	978cfc97f75348a72b3fe007de3013a214f757c0 /lib
parent	ddc812e160e41871be0d80d8ab43ff8dfa48bb7a (diff)