procyberian/emacs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Seccomp filter: allow reading the current time (Bug#47708).

Browse source 
* lib-src/seccomp-filter.c (main): Allow reading the current time.
This commit is contained in:
Philipp Stephani 2021-04-11 19:42:44 +02:00
parent 751e801f90
commit ea5ea09244
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib-src/seccomp-filter.c
View file

@ -40,6 +40,7 @@ human-readable representation to out.pfc. */
#include <stdlib.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
@ -286,6 +287,12 @@ main (int argc, char **argv)
RULE (SCMP_ACT_ALLOW, SCMP_SYS (sigprocmask));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (rt_sigprocmask));
/* Allow reading the current time. */
RULE (SCMP_ACT_ALLOW, SCMP_SYS (clock_gettime),
SCMP_A0_32 (SCMP_CMP_EQ, CLOCK_REALTIME));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (time));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (gettimeofday));
/* Allow timer support. */
RULE (SCMP_ACT_ALLOW, SCMP_SYS (timer_create));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (timerfd_create));