From fa455975e52db3296a36fde827755cf91321fc2f Mon Sep 17 00:00:00 2001
From: MarcoFalke <falke.marco@gmail.com>
Date: Mon, 14 Feb 2022 17:20:40 +0100
Subject: [PATCH] util: Add missing unlinkat to syscall sandbox

---
 src/util/syscall_sandbox.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp
index 4157be9d9f7..f513dba5987 100644
--- a/src/util/syscall_sandbox.cpp
+++ b/src/util/syscall_sandbox.cpp
@@ -600,6 +600,7 @@ class SeccompPolicyBuilder
         allowed_syscalls.insert(__NR_statfs);          // get filesystem statistics
         allowed_syscalls.insert(__NR_statx);           // get file status (extended)
         allowed_syscalls.insert(__NR_unlink);          // delete a name and possibly the file it refers to
+        allowed_syscalls.insert(__NR_unlinkat);        // delete relative to a directory file descriptor
     }
 
     void AllowFutex()