Merge pull request #1614 from Inform-Software/sandbox-futex

Allow futex syscall in sandbox, fixes #1612.
universal-ctags · Dec 12, 2017 · ec924da · ec924da
2 parents 248cffc + f384fde
commit ec924da
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/main/seccomp.c b/main/seccomp.c
@@ -46,6 +46,9 @@ int installSyscallFilter (void)
 	// main/parse.c:2764 : tagFilePosition (&tagfpos);
 	seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (lseek), 0);
 
+	// libxml2 uses pthread_once, which in turn uses a futex
+	seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (futex), 0);
+
 	verbose ("Entering sandbox\n");
 	int err = seccomp_load (ctx);
 	if (err < 0)