author | Darren Tucker <dtucker@dtucker.net> | 2018-04-13 16:06:29 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2018-04-13 16:06:29 +1000 |
commit | 0e73428038d5ecfa5d2a28cff26661502a7aff4e (patch) | |
tree | c54abba8e6f44872dacff95d8fa201223ff07515 | |
parent | e9d910b0289c820852f7afa67f584cef1c05fe95 (diff) |
Allow nanosleep in preauth privsep child.
The new timing attack mitigation code uses nanosleep in the preauth
codepath, allow in sandbox.
-rw-r--r-- | sandbox-seccomp-filter.c | 3 |
1 files changed, 3 insertions, 0 deletions
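--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -193,6 +193,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_munmap
 SC_ALLOW(__NR_munmap),
 #endif
+#ifdef __NR_nanosleep
+SC_ALLOW(__NR_nanosleep),
+#endif
 #ifdef __NR__newselect
 SC_ALLOW(__NR__newselect),
 #endif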
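Review bot: The allowlist entry added after `__NR_munmap` covers only the `nanosleep` syscall number, but which syscall a `nanosleep()` call actually issues is a libc decision; on a libc or architecture that implements it through `clock_nanosleep`, the filter would still reject the call and the preauth child would fail in the delay path rather than sleep. Consider adding the sibling entry in the same style: `#ifdef __NR_clock_nanosleep`, `SC_ALLOW(__NR_clock_nanosleep),`, `#endif`. Since the definition of SC_ALLOW is not visible here, I am assuming it permits the call for any arguments, which seems acceptable for a sleep but is worth a short comment such as `/* needed by the preauth timing-delay mitigation */` so the entry is not later removed as unused. The `preauth_insns[]` array starts and ends outside this hunk, so the filter's default action cannot be confirmed from here.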