From f2a784e2fc28b169b2c70ed9dd72d9aaa9dec68a Mon Sep 17 00:00:00 2001
From: Felipe Borges <felipeborges@gnome.org>
Date: Tue, 9 May 2017 15:17:27 +0200
Subject: [PATCH] libtracker-common: Whitelist openat()

tracker-extract-iso depends on libosinfo, which needs the
openat system call.
---
 src/libtracker-common/tracker-seccomp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c
index 1af380c93..e02dc2fd9 100644
--- a/src/libtracker-common/tracker-seccomp.c
+++ b/src/libtracker-common/tracker-seccomp.c
@@ -159,6 +159,8 @@ tracker_seccomp_init (void)
 	ALLOW_RULE (getsockname);
 	ALLOW_RULE (getpeername);
 	ALLOW_RULE (shutdown);
+        /* Needed by libosinfo (tracker-extract-iso) */
+        ALLOW_RULE (openat);
 
 	/* Special requirements for socket/socketpair, only on AF_UNIX/AF_LOCAL */
 	if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 1,
-- 
2.12.2