Commit ea5ea092 authored by Philipp Stephani's avatar Philipp Stephani
Browse files

Seccomp filter: allow reading the current time (Bug#47708).

* lib-src/seccomp-filter.c (main): Allow reading the current time.
parent 751e801f
Pipeline #10261 passed with stages
in 13 minutes and 19 seconds
......@@ -40,6 +40,7 @@ human-readable representation to out.pfc. */
#include <stdlib.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
......@@ -286,6 +287,12 @@ main (int argc, char **argv)
RULE (SCMP_ACT_ALLOW, SCMP_SYS (sigprocmask));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (rt_sigprocmask));
/* Allow reading the current time. */
RULE (SCMP_ACT_ALLOW, SCMP_SYS (clock_gettime),
SCMP_A0_32 (SCMP_CMP_EQ, CLOCK_REALTIME));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (time));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (gettimeofday));
/* Allow timer support. */
RULE (SCMP_ACT_ALLOW, SCMP_SYS (timer_create));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (timerfd_create));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment