From 03875f1ea5c4c0eeeb30a7d1fc5fdd53236f4ac2 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 21 Oct 2025 14:06:38 +0200
Subject: [PATCH] sys_linux: allow ioctl(TCGETS2) in seccomp filter

Add TCGETS2 to the list of allowed ioctls. It seems to be called by the
latest glibc version from isatty(), which is called from libpcsclite
used by gnutls in an NTS-KE session.

Include the linux termios header instead of glibc header to get a usable
definition of TCGETS2.
---
 sys_linux.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys_linux.c b/sys_linux.c
index ca5540f..e20e459 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -48,7 +48,7 @@
 #ifdef FEAT_SCFILTER
 #include <sys/prctl.h>
 #include <seccomp.h>
-#include <termios.h>
+#include <linux/termios.h>
 #ifdef FEAT_PPS
 #include <linux/pps.h>
 #endif
@@ -615,7 +615,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
   const static int fcntls[] = { F_GETFD, F_SETFD, F_GETFL, F_SETFL };
 
   const static unsigned long ioctls[] = {
-    FIONREAD, TCGETS, TIOCGWINSZ,
+    FIONREAD, TCGETS, TCGETS2, TIOCGWINSZ,
 #if defined(FEAT_PHC) || defined(HAVE_LINUX_TIMESTAMPING)
     PTP_EXTTS_REQUEST, PTP_SYS_OFFSET,
 #ifdef PTP_PIN_SETFUNC