Permit the nanosleep system call in the seccomp2 callbox

Fixes bug 24969; bugfix on 0.2.5.1-alpha when the sandbox was introduced.
2018-04-18 10:25:42 -04:00 · 2018-04-18 10:25:42 -04:00 · c4be6dfeab
parent d3ff126309
commit c4be6dfeab
2 changed files with 6 additions and 0 deletions
--- a/changes/bug24969
+++ b/changes/bug24969
@ -0,0 +1,3 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Allow the nanosleep() system call, which glibc uses to implement
+      sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@ -185,6 +185,9 @@ static int filter_nopar_gen[] = {
    SCMP_SYS(mmap),
 #endif
    SCMP_SYS(munmap),
+#ifdef __NR_nanosleep
+    SCMP_SYS(nanosleep),
+#endif
 #ifdef __NR_prlimit
    SCMP_SYS(prlimit),
 #endif