Permit the nanosleep system call in the seccomp2 callbox

author Nick Mathewson <nickm@torproject.org>

Wed, 18 Apr 2018 14:25:42 +0000 (10:25 -0400)

committer Nick Mathewson <nickm@torproject.org>

Mon, 23 Apr 2018 13:15:40 +0000 (09:15 -0400)
author Nick Mathewson <nickm@torproject.org>
Wed, 18 Apr 2018 14:25:42 +0000 (10:25 -0400)
committer Nick Mathewson <nickm@torproject.org>
Mon, 23 Apr 2018 13:15:40 +0000 (09:15 -0400)
diff --git a/changes/bug24969 b/changes/bug24969

new file mode 100644 (file)

index 0000000..46b2bae
--- /dev/null
+++ b/changes/bug24969
@@ -0,0 +1,3 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Allow the nanosleep() system call, which glibc uses to implement
+      sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c

index 87fe08e881b7325046f0f0968455909561ed8c2a..3d27ea66b507ab817f5b0606d3f52c8862b61f90 100644 (file)
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -185,6 +185,9 @@ static int filter_nopar_gen[] = {
      SCMP_SYS(mmap),
  #endif
      SCMP_SYS(munmap),
+#ifdef __NR_nanosleep
+    SCMP_SYS(nanosleep),
+#endif
  #ifdef __NR_prlimit
      SCMP_SYS(prlimit),
  #endif
author	Nick Mathewson <nickm@torproject.org>
	Wed, 18 Apr 2018 14:25:42 +0000 (10:25 -0400)
committer	Nick Mathewson <nickm@torproject.org>
	Mon, 23 Apr 2018 13:15:40 +0000 (09:15 -0400)
changes/bug24969	[new file with mode: 0644]	patch \| blob
src/common/sandbox.c		patch \| blob \| blame \| history