From f05a4cdf5a0363e1c12f00c034afb60e7ea0c775 Mon Sep 17 00:00:00 2001
From: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
Date: Mon, 28 Mar 2022 09:14:29 +0200
Subject: [PATCH] util: Add inotify_rm_watch to syscall sandbox (AllowFileSystem)
---
 src/util/syscall_sandbox.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp
index efc58914b6..a05efac602 100644
--- a/src/util/syscall_sandbox.cpp
+++ b/src/util/syscall_sandbox.cpp
@@ -592,6 +592,7 @@ public:
 allowed_syscalls.insert(__NR_getcwd); // get current working directory
 allowed_syscalls.insert(__NR_getdents); // get directory entries
 allowed_syscalls.insert(__NR_getdents64); // get directory entries
+ allowed_syscalls.insert(__NR_inotify_rm_watch);// remove an existing watch from an inotify instance
 allowed_syscalls.insert(__NR_linkat); // create relative to a directory file descriptor
 allowed_syscalls.insert(__NR_lstat); // get file status
 allowed_syscalls.insert(__NR_mkdir); // create a directory
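Review bot: The added `__NR_inotify_rm_watch` entry widens the AllowFileSystem allowlist without recording which code path issues the call; neither the commit message nor the inline comment says, and for a seccomp allowlist that rationale is what lets a later reviewer drop the entry once the caller is gone. I would extend the comment to something like `// remove an existing watch from an inotify instance (needed by <caller>)`, with `<caller>` filled in by the author. Whether the companion `inotify_init`/`inotify_add_watch` syscalls are already allowed is not visible here, because the enclosing function starts and ends outside the hunk; if they are not, this entry on its own may be incomplete or may point to a caller that should not be running under this policy. Minor style point: the added line has no space before `//`, unlike the neighbouring entries.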