From b54bd5d3b7b1a60cc69b7df243b906f3e94d4d3c Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 21 Aug 2019 14:30:42 +0100
Subject: sandbox: Allow getrandom, used by Hardened Malloc

Fixes Savannah bug #56767.

* lib/sandbox.c (make_seccomp_filter): Allow getrandom.

Origin: upstream, https://gitlab.com/man-db/man-db/-/commit/0951f82c611c4a3c14271b0fa9c4919c84b7afe7
Bug: https://savannah.nongnu.org/bugs/?56767
Bug-Debian: https://bugs.debian.org/1061870
Last-Update: 2024-01-31

Patch-Name: seccomp-getrandom.patch
---
 lib/sandbox.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/sandbox.c b/lib/sandbox.c
index c097482b..ce91936e 100644
--- a/lib/sandbox.c
+++ b/lib/sandbox.c
@@ -488,6 +488,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
 	SC_ALLOW ("brk");
 	SC_ALLOW ("fadvise64");
 	SC_ALLOW ("fadvise64_64");
+	SC_ALLOW ("getrandom");
 	if (permissive)
 		SC_ALLOW ("ioctl");
 	else {