diff options
| author | Darren Tucker <dtucker@dtucker.net> | 2018-04-13 16:06:29 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2018-04-13 16:06:29 +1000 |
| commit | 0e73428038d5ecfa5d2a28cff26661502a7aff4e (patch) | |
| tree | c54abba8e6f44872dacff95d8fa201223ff07515 /sandbox-seccomp-filter.c | |
| parent | e9d910b0289c820852f7afa67f584cef1c05fe95 (diff) | |
Allow nanosleep in preauth privsep child.
The new timing attack mitigation code uses nanosleep in the preauth
codepath, allow in sandbox.
Diffstat (limited to 'sandbox-seccomp-filter.c')
| -rw-r--r-- | sandbox-seccomp-filter.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index ca75cc719..a189b2fb5 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -193,6 +193,9 @@ static const struct sock_filter preauth_insns[] = { | |||
| 193 | #ifdef __NR_munmap | 193 | #ifdef __NR_munmap |
| 194 | SC_ALLOW(__NR_munmap), | 194 | SC_ALLOW(__NR_munmap), |
| 195 | #endif | 195 | #endif |
| 196 | #ifdef __NR_nanosleep | ||
| 197 | SC_ALLOW(__NR_nanosleep), | ||
| 198 | #endif | ||
| 196 | #ifdef __NR__newselect | 199 | #ifdef __NR__newselect |
| 197 | SC_ALLOW(__NR__newselect), | 200 | SC_ALLOW(__NR__newselect), |
| 198 | #endif | 201 | #endif |