From cf68500238be78599e5ada480345af47e3359abf Mon Sep 17 00:00:00 2001
From: wangshuo <wangshuo@kylinos.cn>
Date: Mon, 13 Jan 2025 14:35:41 +0800
Subject: [PATCH] libtracker-miners-common: Add more seccomp rules

Fix the SIGSYS coredump issue that occurs when executing the /usr/libexec/tracker-extract-3 command:
__GI___access (file=0xffffb936fc78 "/.flatpak-info", type=type@entry=0) at ../sysdeps/unix/sysv/linux/access.c:29
__GI___mkdir (path=path@entry=0xaaaaaab37980 "/root/.cache/tracker3/files/errors", mode=mode@entry=448) at ../sysdeps/unix/sysv/linux/generic/mkdir.c:31

See also:
https://gitlab.gnome.org/GNOME/localsearch/-/commit/30b24e9d379458b66f2465422821a66bec3a749b
https://gitlab.gnome.org/GNOME/localsearch/-/commit/2c45c7024b96dd9f989b0dd0258574e323ce032c
https://gitlab.gnome.org/GNOME/localsearch/-/issues/128
---
 src/libtracker-miners-common/tracker-seccomp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c
index a2b7ed9..32c24e2 100644
--- a/src/libtracker-miners-common/tracker-seccomp.c
+++ b/src/libtracker-miners-common/tracker-seccomp.c
@@ -102,6 +102,7 @@ tracker_seccomp_init (void)
 	ALLOW_RULE (statx);
         ALLOW_RULE (fstatfs);
 	ALLOW_RULE (access);
+	ALLOW_RULE (faccessat);
 	ALLOW_RULE (getdents);
 	ALLOW_RULE (getdents64);
 	ALLOW_RULE (readlink);
@@ -173,6 +174,7 @@ tracker_seccomp_init (void)
        ERROR_RULE (inotify_init, EINVAL);
 
        ERROR_RULE (mkdir, EPERM);
+       ERROR_RULE (mkdirat, EPERM);
        ERROR_RULE (rename, EPERM);
        ERROR_RULE (unlink, EPERM);
        ERROR_RULE (ioctl, EBADF);
-- 
2.27.0