From 2822246b5d8154d0166e17ffd28a1d85b57d68aa Mon Sep 17 00:00:00 2001
From: Philipp Stephani <phst@google.com>
Date: Sun, 18 Apr 2021 10:33:41 +0200
Subject: [PATCH] Fix Seccomp filter on CentOS 8.3 (Bug#47828).

* lib-src/seccomp-filter.c (main): mmap: Also allow MAP_SHARED.
---
 lib-src/seccomp-filter.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index fc3c3a0c074..8f8a990661c 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -183,9 +183,9 @@ main (int argc, char **argv)
            some versions of the dynamic loader still use it.  Also
            allow allocating thread stacks.  */
         SCMP_A3_32 (SCMP_CMP_MASKED_EQ,
-                    ~(MAP_PRIVATE | MAP_FILE | MAP_ANONYMOUS
-                      | MAP_FIXED | MAP_DENYWRITE | MAP_STACK
-                      | MAP_NORESERVE),
+                    ~(MAP_SHARED | MAP_PRIVATE | MAP_FILE
+                      | MAP_ANONYMOUS | MAP_FIXED | MAP_DENYWRITE
+                      | MAP_STACK | MAP_NORESERVE),
                     0));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (mmap),
         SCMP_A2_32 (SCMP_CMP_MASKED_EQ,
-- 
2.39.5