diff options
author | Darren Tucker <dtucker@dtucker.net> | 2018-04-13 16:23:57 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2018-04-13 16:23:57 +1000 |
commit | 1c5b4bc827f4abc3e65888cda061ad5edf1b8c7c (patch) | |
tree | 7517c29cbc34c1ed16b98551708f2348c0e9734b | |
parent | 0e73428038d5ecfa5d2a28cff26661502a7aff4e (diff) |
Allow nanosleep in preauth privsep child.
The new timing attack mitigation code uses nanosleep in the preauth
codepath, allow in systrace andbox too.
-rw-r--r-- | sandbox-systrace.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sandbox-systrace.c b/sandbox-systrace.c index b4d8d04ca..add4c46d0 100644 --- a/sandbox-systrace.c +++ b/sandbox-systrace.c | |||
@@ -59,6 +59,7 @@ static const struct sandbox_policy preauth_policy[] = { | |||
59 | { SYS_getpgid, SYSTR_POLICY_PERMIT }, | 59 | { SYS_getpgid, SYSTR_POLICY_PERMIT }, |
60 | { SYS_clock_gettime, SYSTR_POLICY_PERMIT }, | 60 | { SYS_clock_gettime, SYSTR_POLICY_PERMIT }, |
61 | { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, | 61 | { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, |
62 | { SYS_nanosleep, SYSTR_POLICY_PERMIT }, | ||
62 | { SYS_sigprocmask, SYSTR_POLICY_PERMIT }, | 63 | { SYS_sigprocmask, SYSTR_POLICY_PERMIT }, |
63 | 64 | ||
64 | #ifdef SYS_getentropy | 65 | #ifdef SYS_getentropy |