[seccomp] Allow clock_nanosleep()

This apparently gets called very rarely during normal operation. This
change fixes a rare server crash.
dongresource 2022-02-03 21:00:44 +01:00
parent 3c6afa0322
commit f376c68115


@ -172,6 +172,7 @@ static sock_filter filter[] = {
ALLOW_SYSCALL(exit), ALLOW_SYSCALL(exit),
ALLOW_SYSCALL(exit_group), ALLOW_SYSCALL(exit_group),
ALLOW_SYSCALL(rt_sigprocmask), // musl-libc ALLOW_SYSCALL(rt_sigprocmask), // musl-libc
ALLOW_SYSCALL(clock_nanosleep), // gets called very rarely
// to crash properly on SIGSEGV // to crash properly on SIGSEGV
DENY_SYSCALL_ERRNO(tgkill, EPERM), DENY_SYSCALL_ERRNO(tgkill, EPERM),
@ -247,6 +248,9 @@ static sock_filter filter[] = {
#ifdef __NR_sigreturn #ifdef __NR_sigreturn
ALLOW_SYSCALL(sigreturn), // vdso ALLOW_SYSCALL(sigreturn), // vdso
#endif #endif
#ifdef __NR_clock_nanosleep_time64
ALLOW_SYSCALL(clock_nanosleep_time64), // maybe
#endif
KILL_PROCESS KILL_PROCESS
}; };
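Review bot: The two new allowlist entries are annotated only with `// gets called very rarely` and `// maybe`, which, unlike the neighbouring `// musl-libc` and `// vdso` notes, do not say which code path issues the syscall, so a later audit of the filter cannot tell whether either entry is still needed. Because the filter falls through to KILL_PROCESS, it is worth recording what was actually observed, e.g. `ALLOW_SYSCALL(clock_nanosleep), // libc sleep path (caller not yet identified); hit KILL_PROCESS` and `ALLOW_SYSCALL(clock_nanosleep_time64), // time64 variant of clock_nanosleep; not observed, added for 32-bit builds`. The caller is presumably a libc sleep wrapper; confirming that from the kernel's seccomp audit record or a syscall trace would let the comment name it and would show whether the time64 entry is exercised at all. The `filter[]` initializer starts outside both hunks, so other sleep-related entries may already exist above the visible lines.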