From f376c6811505240741c790fb1cb0d7acc7a00920 Mon Sep 17 00:00:00 2001
From: dongresource
Date: Thu, 3 Feb 2022 21:00:44 +0100
Subject: [PATCH] [seccomp] Allow clock_nanosleep()
This apparently gets called very rarely during normal operation. This change fixes a rare server crash.
---
 src/sandbox/seccomp.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/sandbox/seccomp.cpp b/src/sandbox/seccomp.cpp
index 595ac89..75d6b3a 100644
--- a/src/sandbox/seccomp.cpp
+++ b/src/sandbox/seccomp.cpp
@@ -172,6 +172,7 @@ static sock_filter filter[] = {
 ALLOW_SYSCALL(exit),
 ALLOW_SYSCALL(exit_group),
 ALLOW_SYSCALL(rt_sigprocmask), // musl-libc
+ ALLOW_SYSCALL(clock_nanosleep), // gets called very rarely
 // to crash properly on SIGSEGV
 DENY_SYSCALL_ERRNO(tgkill, EPERM),
@@ -247,6 +248,9 @@ static sock_filter filter[] = {
 #ifdef __NR_sigreturn
 ALLOW_SYSCALL(sigreturn), // vdso
 #endif
+#ifdef __NR_clock_nanosleep_time64
+ ALLOW_SYSCALL(clock_nanosleep_time64), // maybe
+#endif
 KILL_PROCESS
 };
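Review bot: The two new allowlist comments, `// gets called very rarely` in the first hunk and `// maybe` in the second, do not say which code path issues the syscall, which is what anyone auditing a seccomp allowlist needs before keeping or pruning an entry. Because the filter falls through to `KILL_PROCESS` (visible at the end of the second hunk), an unlisted syscall on a rare path kills the server, so the reason for each entry is worth recording next to it. I would write `ALLOW_SYSCALL(clock_nanosleep), // sleep path in libc; caller to be confirmed` and `ALLOW_SYSCALL(clock_nanosleep_time64), // time64 variant used on 32-bit targets`. The `filter[]` array starts outside both hunks, so whether plain `nanosleep` is already allowed cannot be checked from here.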