From de3872656a8d3a79ca3d5fc55f1b64c4862b4c8a Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Sun, 27 Mar 2022 18:34:25 -0400
Subject: Sandbox: Permit the clone3 system call

Apparently glibc-2.34 uses clone3, when previously it just used
clone.

Closes ticket #40590.
---
 src/lib/sandbox/sandbox.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/lib')

diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 8f577b0660..df676fad2f 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -144,6 +144,9 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(clock_gettime),
     SCMP_SYS(close),
     SCMP_SYS(clone),
+#ifdef __NR_clone3
+    SCMP_SYS(clone3),
+#endif
     SCMP_SYS(epoll_create),
     SCMP_SYS(epoll_wait),
 #ifdef __NR_epoll_pwait
-- 
cgit v1.2.3-54-g00ecf