diff options
| author | Philipp Stephani <phst@google.com> | 2021-04-11 19:42:44 +0200 |
|---|---|---|
| committer | Philipp Stephani <phst@google.com> | 2021-04-11 19:50:45 +0200 |
| commit | ea5ea09244b762008bba509d8c58bad5835fb949 (patch) | |
| tree | c78e48463aae2a04d348f77afdf3f4670374e58e /lib-src/seccomp-filter.c | |
| parent | 751e801f90339480ea43fc2237fc45c8eb39bd6f (diff) | |
| download | emacs-ea5ea09244b762008bba509d8c58bad5835fb949.tar.gz emacs-ea5ea09244b762008bba509d8c58bad5835fb949.tar.bz2 emacs-ea5ea09244b762008bba509d8c58bad5835fb949.zip | |
Seccomp filter: allow reading the current time (Bug#47708).
* lib-src/seccomp-filter.c (main): Allow reading the current time.
Diffstat (limited to 'lib-src/seccomp-filter.c')
| -rw-r--r-- | lib-src/seccomp-filter.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c index e4d56e01b4d..9d25a5fe142 100644 --- a/lib-src/seccomp-filter.c +++ b/lib-src/seccomp-filter.c @@ -40,6 +40,7 @@ human-readable representation to out.pfc. */ #include <stdlib.h> #include <stdint.h> #include <stdio.h> +#include <time.h> #include <sys/ioctl.h> #include <sys/mman.h> @@ -286,6 +287,12 @@ main (int argc, char **argv) RULE (SCMP_ACT_ALLOW, SCMP_SYS (sigprocmask)); RULE (SCMP_ACT_ALLOW, SCMP_SYS (rt_sigprocmask)); + /* Allow reading the current time. */ + RULE (SCMP_ACT_ALLOW, SCMP_SYS (clock_gettime), + SCMP_A0_32 (SCMP_CMP_EQ, CLOCK_REALTIME)); + RULE (SCMP_ACT_ALLOW, SCMP_SYS (time)); + RULE (SCMP_ACT_ALLOW, SCMP_SYS (gettimeofday)); + /* Allow timer support. */ RULE (SCMP_ACT_ALLOW, SCMP_SYS (timer_create)); RULE (SCMP_ACT_ALLOW, SCMP_SYS (timerfd_create)); |