[rp-download, rpcli] os-secure_linux.c: Added openat2() for Linux 5.6.

It's not out yet, but it's a fairly safe bet that an upcoming release of
glibc will start to use it for things.

src/rp-download/os-secure_linux.c

@@ -78,8 +78,11 @@ int rp_download_os_secure(void)
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mkdir), 0);
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
-	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0);
-	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0);
+	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0);	// Ubuntu 16.04
+	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0);	// glibc-2.31
+#ifdef __NR_openat2
+	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat2), 0);	// Linux 5.6
+#endif /* __NR_openat2 */
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 0);
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(select), 0);
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat), 0);

src/rpcli/os-secure_linux.c

@@ -73,6 +73,9 @@ int rpcli_os_secure(void)
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0);	// Ubuntu 16.04
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0);	// glibc-2.31
+#ifdef __NR_openat2
+	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat2), 0);	// Linux 5.6
+#endif /* __NR_openat2 */
 
 	// KeyManager (keys.conf)
 	seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(access), 0);	// LibUnixCommon::isWritableDirectory()