diff options
author | Darren Tucker <dtucker@dtucker.net> | 2019-11-13 23:19:35 +1100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2020-02-19 11:49:55 +0000 |
commit | cb38e55b8af8756b2d6d6f6a1c1a5f949e15b980 (patch) | |
tree | 5e04ef2d74edaacd695d681f6a70cfe4f43382db | |
parent | 7ee24da2b84bf463dd5e8611479fa7a5acaa40e4 (diff) |
seccomp: Allow clock_nanosleep() in sandbox.
seccomp: Allow clock_nanosleep() to make OpenSSH working with latest
glibc. Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093.
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=546274a6f89489d2e6be8a8b62f2bb63c87a61fd
Last-Update: 2020-01-11
Patch-Name: sandbox-seccomp-clock_nanosleep.patch
-rw-r--r-- | sandbox-seccomp-filter.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index b5cda70bb..be2397671 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
@@ -242,6 +242,9 @@ static const struct sock_filter preauth_insns[] = { | |||
242 | #ifdef __NR_nanosleep | 242 | #ifdef __NR_nanosleep |
243 | SC_ALLOW(__NR_nanosleep), | 243 | SC_ALLOW(__NR_nanosleep), |
244 | #endif | 244 | #endif |
245 | #ifdef __NR_clock_nanosleep | ||
246 | SC_ALLOW(__NR_clock_nanosleep), | ||
247 | #endif | ||
245 | #ifdef __NR__newselect | 248 | #ifdef __NR__newselect |
246 | SC_ALLOW(__NR__newselect), | 249 | SC_ALLOW(__NR__newselect), |
247 | #endif | 250 | #endif |