[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
master ea5ea09: Seccomp filter: allow reading the current time (Bug#4770
From: |
Philipp Stephani |
Subject: |
master ea5ea09: Seccomp filter: allow reading the current time (Bug#47708). |
Date: |
Sun, 11 Apr 2021 13:52:37 -0400 (EDT) |
branch: master
commit ea5ea09244b762008bba509d8c58bad5835fb949
Author: Philipp Stephani <phst@google.com>
Commit: Philipp Stephani <phst@google.com>
Seccomp filter: allow reading the current time (Bug#47708).
* lib-src/seccomp-filter.c (main): Allow reading the current time.
---
lib-src/seccomp-filter.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index e4d56e0..9d25a5f 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -40,6 +40,7 @@ human-readable representation to out.pfc. */
#include <stdlib.h>
#include <stdint.h>
#include <stdio.h>
+#include <time.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
@@ -286,6 +287,12 @@ main (int argc, char **argv)
RULE (SCMP_ACT_ALLOW, SCMP_SYS (sigprocmask));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (rt_sigprocmask));
+ /* Allow reading the current time. */
+ RULE (SCMP_ACT_ALLOW, SCMP_SYS (clock_gettime),
+ SCMP_A0_32 (SCMP_CMP_EQ, CLOCK_REALTIME));
+ RULE (SCMP_ACT_ALLOW, SCMP_SYS (time));
+ RULE (SCMP_ACT_ALLOW, SCMP_SYS (gettimeofday));
+
/* Allow timer support. */
RULE (SCMP_ACT_ALLOW, SCMP_SYS (timer_create));
RULE (SCMP_ACT_ALLOW, SCMP_SYS (timerfd_create));
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- master ea5ea09: Seccomp filter: allow reading the current time (Bug#47708).,
Philipp Stephani <=