util: Add inotify_rm_watch to syscall sandbox (AllowFileSystem)

hebasto · jonatack · commit 174af33d5d78 · 2022-03-31T10:38:11.000+02:00
Github-Pull: bitcoin#24690 Rebased-From: f05a4cd
diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp
@@ -592,6 +592,7 @@ class SeccompPolicyBuilder
         allowed_syscalls.insert(__NR_getcwd);          // get current working directory
         allowed_syscalls.insert(__NR_getdents);        // get directory entries
         allowed_syscalls.insert(__NR_getdents64);      // get directory entries
+        allowed_syscalls.insert(__NR_inotify_rm_watch);// remove an existing watch from an inotify instance
         allowed_syscalls.insert(__NR_linkat);          // create relative to a directory file descriptor
         allowed_syscalls.insert(__NR_lstat);           // get file status
         allowed_syscalls.insert(__NR_mkdir);           // create a directory
