https://github.com/file/file/commit/339bdef41536d63ffacd2e48082d195a1e3617b9
From 339bdef41536d63ffacd2e48082d195a1e3617b9 Mon Sep 17 00:00:00 2001
From: Christos Zoulas
Date: Thu, 28 Nov 2024 14:04:24 +0000
Subject: [PATCH] Sort, add rseq (Cristian Rodriguez)
---
 src/seccomp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/seccomp.c b/src/seccomp.c
index ce8243300..9e00034ad 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -27,7 +27,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: seccomp.c,v 1.29 2024/09/29 16:49:25 christos Exp $")
+FILE_RCSID("@(#)$File: seccomp.c,v 1.30 2024/11/28 14:04:24 christos Exp $")
 #endif /* lint */
 #if HAVE_LIBSECCOMP
@@ -103,6 +103,8 @@ enable_sandbox(void)
 #ifdef __NR_getdents64
 ALLOW_RULE(getdents64);
 #endif
+ ALLOW_RULE(getpid); // Used by glibc in file_pipe2file()
+ ALLOW_RULE(getrandom); // Used by glibc in file_pipe2file()
 #ifdef FIONREAD
 // called in src/compress.c under sread
 ALLOW_IOCTL_RULE(FIONREAD);
@@ -136,6 +138,7 @@ enable_sandbox(void)
 #ifdef __NR_readlinkat
 ALLOW_RULE(readlinkat);
 #endif
+ ALLOW_RULE(rseq); // Used by glibc to randomize malloc
 ALLOW_RULE(rt_sigaction);
 ALLOW_RULE(rt_sigprocmask);
 ALLOW_RULE(rt_sigreturn);
@@ -145,8 +148,6 @@ enable_sandbox(void)
 ALLOW_RULE(stat64);
 ALLOW_RULE(sysinfo);
 ALLOW_RULE(umask); // Used in file_pipe2file()
-ALLOW_RULE(getpid); // Used by glibc in file_pipe2file()
-ALLOW_RULE(getrandom); // Used by glibc in file_pipe2file()
 ALLOW_RULE(unlink);
 ALLOW_RULE(utimes);
 ALLOW_RULE(write);
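Review bot: The new `ALLOW_RULE(rseq);` in the `@@ -136,6 +138,7 @@` hunk has no `#ifdef __NR_...` guard, unlike the `getdents64` and `readlinkat` rules right beside it. The macro definition is outside the hunk, but if it resolves the name at compile time, a build against headers that predate rseq would presumably fail instead of just omitting the rule. Wrapping it as `#ifdef __NR_rseq` / `ALLOW_RULE(rseq);` / `#endif` would match the neighbouring entries. The comment `// Used by glibc to randomize malloc` is also thin for an allow-list entry: rseq is the restartable-sequences registration call, so naming the glibc version or call path that issues it after the filter is loaded would let a later audit decide whether the rule is still needed. The body of `enable_sandbox` starts and ends outside this hunk.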