commit 6827d2781e8aaaa6aad1e32026a21863070c90f4
from: Omar Polo <op@omarpolo.com>
date: Wed Feb 10 19:20:59 2021 UTC

[seccomp] allow newfstatat and gettimeofday

these are required to run on arch linux (at least)

commit - 4c857c0afcb7d76cb03323ba7d0dfef60b27589f
commit + 6827d2781e8aaaa6aad1e32026a21863070c90f4
blob - d71ac08818023c1f1c05eae45f6367337d19b6b6
blob + 5ac0c783dd1596c4baa5198ed89b134917f3e3b0
--- sandbox.c
+++ sandbox.c
@@ -160,6 +160,7 @@ sandbox()
 		SC_ALLOW(read),
 		SC_ALLOW(openat),
 		SC_ALLOW(fstat),
+		SC_ALLOW(newfstatat),
 		SC_ALLOW(close),
 		SC_ALLOW(lseek),
 		SC_ALLOW(brk),
@@ -182,6 +183,9 @@ sandbox()
 
 		/* void on aarch64 does a gettrandom */
 		SC_ALLOW(getrandom),
+
+		/* arch on amd64 */
+		SC_ALLOW(gettimeofday),
 
 		/* for directory listing */
 		SC_ALLOW(getdents64),