From ed64976cec43f9f067a40fc6921b5513a19fd757 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Wed, 16 Nov 2016 17:25:00 +0100
Subject: seccomp: Forge return codes for POSIX ACL syscalls

Commands such as "cp -p" also use fsetxattr() in addition to fchown(),
so we need to make sure these syscalls always return successful as well
in order to avoid nasty "Invalid value" errors.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 src/libstore/build.cc | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/libstore')

diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 6c6d0dee36ff..6fc6220e0524 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1659,6 +1659,10 @@ void setupSeccomp(void) {
     FORCE_SUCCESS(fchownat);
     FORCE_SUCCESS(lchown);
 
+    FORCE_SUCCESS(setxattr);
+    FORCE_SUCCESS(lsetxattr);
+    FORCE_SUCCESS(fsetxattr);
+
     if (seccomp_load(ctx) != 0) {
         seccomp_release(ctx);
         throw SysError("unable to load seccomp BPF program");
-- 
cgit 1.4.1