From 90d906b90bde338b6dbc97e457c4f1955d2d8638 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sat, 6 Feb 2021 22:57:33 +0100
Subject: [PATCH] Add newfstatat to white list.

The newfstatat system call is used in glibc 2.33 during normal
operation. This fixes a core dump (which is expected behaviour when an
illegal system call is performed) spotted and reported by abbasmaheryar
on github.

Applied suggested fix by collidedscope on github as well.

See issue #28 for more details.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 seccomp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/seccomp.c b/seccomp.c
index dde2ebf..656a100 100644
--- a/seccomp.c
+++ b/seccomp.c
@@ -81,6 +81,7 @@ add_common_stage2_rules(scmp_filter_ctx ctx)
 	    seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 0) ||
 	    seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0) ||
 	    seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(nanosleep), 0) ||
+	    seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(newfstatat), 0) ||
 	    seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(pipe), 0) ||
 	    seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(pipe2), 0) ||
 	    seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 0) ||