From 2ca648068fa1fcfca5da72383babe1abce2e4ee8 Mon Sep 17 00:00:00 2001
From: Pip Cet
Date: Wed, 25 Mar 2026 13:09:48 +0000
Subject: [PATCH] Allow retrieving scheduler information in seccomp (bug#80656)

* lib-src/seccomp-filter.c (main): Add rules for 'sched_getscheduler' and 'sched_getaffinity'.
---
 lib-src/seccomp-filter.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index b9558ba3da7..a8cdc6e06f9 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -316,6 +316,11 @@ main (int argc, char **argv)
 SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */,
 SCMP_A2_64 (SCMP_CMP_EQ, 0) /* new_limit == NULL */);
+ /* Allow reading the scheduler policy and affinity, so num_processors
+ can determine the number of usable CPUs. */
+ RULE0 (SCMP_ACT_ALLOW, SCMP_SYS (sched_getaffinity));
+ RULE0 (SCMP_ACT_ALLOW, SCMP_SYS (sched_getscheduler));
+
 /* Block changing resource limits, but don't crash. */
 RULE (SCMP_ACT_ERRNO (EPERM), SCMP_SYS (prlimit64),
 SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */,
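Review bot: Both new rules use `RULE0`, so `sched_getaffinity` and `sched_getscheduler` are allowed for any pid argument, whereas the neighbouring `prlimit64` rules in this hunk pin `pid == 0`. Both syscalls take the target pid as their first argument, so the unfiltered form also lets the sandboxed process read the scheduling policy and CPU affinity of other processes it can name, which is more than the comment's stated purpose needs. If num_processors only queries the calling process with pid 0 (not visible here; confirm against the caller and the libc wrapper before narrowing), the rules could become `RULE (SCMP_ACT_ALLOW, SCMP_SYS (sched_getaffinity), SCMP_A0_32 (SCMP_CMP_EQ, 0) /* pid == 0 (current process) */);` and the same for `sched_getscheduler`. `main` starts and ends outside the hunk.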