Allow newfstatat and fstatat64 syscalls (#1892452)

0001-libtracker-miners-common-Add-newstatat-statat64-sysc.patch

@@ -0,0 +1,26 @@
+From b3fdbaf1ab23ce7191ace6db79575dfce5f90881 Mon Sep 17 00:00:00 2001
+From: Carlos Garnacho <carlosg@gnome.org>
+Date: Sun, 25 Oct 2020 15:37:13 +0100
+Subject: [PATCH] libtracker-miners-common: Add newstatat/statat64 syscalls
+
+These are done in recent glib versions, should be observed here.
+---
+ src/libtracker-miners-common/tracker-seccomp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c
+index c0327eb08..01887e829 100644
+--- a/src/libtracker-miners-common/tracker-seccomp.c
++++ b/src/libtracker-miners-common/tracker-seccomp.c
+@@ -91,6 +91,8 @@ tracker_seccomp_init (void)
+ 	/* Basic filesystem access */
+ 	ALLOW_RULE (fstat);
+ 	ALLOW_RULE (fstat64);
++	ALLOW_RULE (fstatat64);
++	ALLOW_RULE (newfstatat);
+ 	ALLOW_RULE (stat);
+ 	ALLOW_RULE (stat64);
+ 	ALLOW_RULE (statfs);
+-- 
+2.29.2
+

tracker-miners.spec

@@ -18,13 +18,15 @@
 
 Name:           tracker-miners
 Version:        2.3.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Tracker miners and metadata extractors
 
 # libtracker-extract is LGPLv2+; the miners are a mix of GPLv2+ and LGPLv2+ code
 License:        GPLv2+ and LGPLv2+
 URL:            https://wiki.gnome.org/Projects/Tracker
 Source0:        https://download.gnome.org/sources/%{name}/2.3/%{name}-%{version}.tar.xz
+# Allow newfstatat and fstatat64 calls in seccomp sandbox (RHBZ #1892452)
+Patch0:         0001-libtracker-miners-common-Add-newstatat-statat64-sysc.patch
 
 BuildRequires:  gcc
 BuildRequires:  giflib-devel
@@ -131,6 +133,9 @@ rm -rf %{buildroot}%{_datadir}/tracker-tests
 
 
 %changelog
+* Tue Nov 03 2020 Adam Williamson <awilliam@redhat.com> - 2.3.5-2
+- Backport patch to allow newfstatat and fstatat64 syscalls (#1892452)
+
 * Mon Sep 07 2020 Kalev Lember <klember@redhat.com> - 2.3.5-1
 - Update to 2.3.5