sandbox: Allow sched_getaffinity

This is used by xz-utils >= 5.2.3 if the --threads=0 option is in use (perhaps via XZ_DEFAULTS or XZ_OPT). Reported by Axel Rohde. * lib/sandbox.c (make_seccomp_filter): Allow sched_getaffinity. * NEWS: Document this.
author: Colin Watson <cjwatson@debian.org> 2018-04-22 23:02:55 +0100
committer: Colin Watson <cjwatson@debian.org> 2018-04-22 23:02:55 +0100
commit: 8fa6fb5eca612600b3a3d8da811f8345afec102e (patch)
tree: 133bf9af6e689aa2b3922bdb96d516ae370572d6 /lib
parent: 355bdb4f7058ae7d34163a40d582d3acd52abb85 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/sandbox.c b/lib/sandbox.c
index 95d02949..fcadab1c 100644
--- a/lib/sandbox.c
+++ b/lib/sandbox.c
@@ -497,6 +497,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
 	SC_ALLOW ("madvise");
 	SC_ALLOW ("mprotect");
 	SC_ALLOW ("mremap");
+	SC_ALLOW ("sched_getaffinity");
 	SC_ALLOW ("sync_file_range2");
 	SC_ALLOW ("sysinfo");
 	SC_ALLOW ("uname");
author	Colin Watson <cjwatson@debian.org>	2018-04-22 23:02:55 +0100
committer	Colin Watson <cjwatson@debian.org>	2018-04-22 23:02:55 +0100
commit	8fa6fb5eca612600b3a3d8da811f8345afec102e (patch)
tree	133bf9af6e689aa2b3922bdb96d516ae370572d6 /lib
parent	355bdb4f7058ae7d34163a40d582d3acd52abb85 (diff)