From f384fdecad2044e2cf0f76d8013dbdb64c424b7a Mon Sep 17 00:00:00 2001
From: Tobias Gruetzmacher
Date: Mon, 11 Dec 2017 23:33:15 +0100
Subject: [PATCH] Allow futex syscall in sandbox, fixes #1612.
---
 main/seccomp.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/main/seccomp.c b/main/seccomp.c
index f93e9ed9a2..57b01e11dc 100644
--- a/main/seccomp.c
+++ b/main/seccomp.c
@@ -46,6 +46,9 @@ int installSyscallFilter (void)
 // main/parse.c:2764 : tagFilePosition (&tagfpos);
 seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (lseek), 0);
+ // libxml2 uses pthread_once, which in turn uses a futex
+ seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (futex), 0);
+
 verbose ("Entering sandbox\n");
 int err = seccomp_load (ctx);
 if (err < 0)
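Review bot: The added futex rule passes an argument count of 0, so every futex operation is allowed inside the sandbox, and it is installed in all builds although the comment ties the need to libxml2's pthread_once. futex is one of the more complex kernel entry points, so for a filter that confines parsers of untrusted input it is worth allowing only wait and wake, for example `seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (futex), 1, SCMP_A1 (SCMP_CMP_MASKED_EQ, FUTEX_CMD_MASK, FUTEX_WAIT));` plus the same rule for `FUTEX_WAKE`, both placed under the project's libxml2 build conditional. Which operations pthread_once actually issues depends on the libc, so that needs checking on the supported targets before narrowing. The return value of `seccomp_rule_add` is also dropped here, as on the lseek line above, so a failed add would go unnoticed until the filter's default action fires on the first futex call. installSyscallFilter begins and ends outside the hunk, so the default action and the function's error handling are not visible here.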