From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 28 Mar 2019 09:01:09 +0000 (+0100)
Subject: seccomp: add rseq() to default list of syscalls to whitelist
X-Git-Tag: v242~89^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6fee3be0b4929d5641bf1c850fce7884b6d1e44e;p=platform%2Fupstream%2Fsystemd.git

seccomp: add rseq() to default list of syscalls to whitelist

Apparently glibc is going to call this implicitly soon, hence let's
whitelist this by default.

Fixes: #12127
---

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 905be0f..ba3f433 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -291,6 +291,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "pause\0"
                 "prlimit64\0"
                 "restart_syscall\0"
+                "rseq\0"
                 "rt_sigreturn\0"
                 "sched_yield\0"
                 "set_robust_list\0"