author: Mike Frysinger <vapier@gentoo.org> 2015-09-19 01:08:46 -0400
committer: Mike Frysinger <vapier@gentoo.org> 2015-09-19 01:08:46 -0400
commit: 1f7a936b5cd7673275540ef73fdeb29fba821a15 (patch)
tree: 09c85f74189443e2653fc847a13af29bb308530f /security.c
parent: security: whitelist dup syscalls (diff)
security: whitelist the futex syscall
When building with openmp, often libpthread is linked in and code automatically generated using it. That means lower mutexes end up calling the futex syscall. This isn't just when pax-utils is built with openmp, but it also applies when libraries it links with are built with openmp.

Reported-by: florianmey@gmx.de
URL: https://bugs.gentoo.org/559814
Diffstat (limited to 'security.c')
-rw-r--r-- security.c 3
1 files changed, 3 insertions, 0 deletions
diff --git a/security.c b/security.c
index da881e8..af06dcb 100644
--- a/security.c
+++ b/security.c
@@ -123,6 +123,9 @@ static void pax_seccomp_init(bool allow_forking)
SCMP_SYS(_llseek),
SCMP_SYS(mprotect),
+ /* Syscalls listed because of compiler settings. */
+ SCMP_SYS(futex),
+
/* Syscalls listed because of sandbox. */
SCMP_SYS(readlink),
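Review bot: the new comment above SCMP_SYS(futex) says only "compiler settings", which will not tell a later reader why the syscall is allowed or when the entry could be dropped. Name the cause given in the commit message instead, for example "/* Needed by libpthread mutexes when we or a linked library are built with openmp. */". The entry is also a bare syscall number like its neighbours in this list, so it would help to say in the same comment that permitting every futex operation is intentional.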