Seccomp filter: allow reading the current time (Bug#47708).

* lib-src/seccomp-filter.c (main): Allow reading the current time.
author: Philipp Stephani 2021-04-11 19:42:44 +0200
committer: Philipp Stephani 2021-04-11 19:50:45 +0200
commit: ea5ea09244b762008bba509d8c58bad5835fb949 (patch)
tree: c78e48463aae2a04d348f77afdf3f4670374e58e /lib-src
parent: 751e801f90339480ea43fc2237fc45c8eb39bd6f (diff)
download: emacs-ea5ea09244b762008bba509d8c58bad5835fb949.tar.gz
emacs-ea5ea09244b762008bba509d8c58bad5835fb949.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index e4d56e01b4d..9d25a5fe142 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -40,6 +40,7 @@ human-readable representation to out.pfc.  */
 #include <stdlib.h>
 #include <stdint.h>
 #include <stdio.h>
+#include <time.h>
 #include <sys/ioctl.h>
 #include <sys/mman.h>
@@ -286,6 +287,12 @@ main (int argc, char **argv)
  RULE (SCMP_ACT_ALLOW, SCMP_SYS (sigprocmask));
  RULE (SCMP_ACT_ALLOW, SCMP_SYS (rt_sigprocmask));
+  /* Allow reading the current time.  */
+  RULE (SCMP_ACT_ALLOW, SCMP_SYS (clock_gettime),
+        SCMP_A0_32 (SCMP_CMP_EQ, CLOCK_REALTIME));
+  RULE (SCMP_ACT_ALLOW, SCMP_SYS (time));
+  RULE (SCMP_ACT_ALLOW, SCMP_SYS (gettimeofday));
  /* Allow timer support.  */
  RULE (SCMP_ACT_ALLOW, SCMP_SYS (timer_create));
  RULE (SCMP_ACT_ALLOW, SCMP_SYS (timerfd_create));
author	Philipp Stephani	2021-04-11 19:42:44 +0200
committer	Philipp Stephani	2021-04-11 19:50:45 +0200
commit	ea5ea09244b762008bba509d8c58bad5835fb949 (patch)
tree	c78e48463aae2a04d348f77afdf3f4670374e58e /lib-src
parent	751e801f90339480ea43fc2237fc45c8eb39bd6f (diff)
download	emacs-ea5ea09244b762008bba509d8c58bad5835fb949.tar.gz emacs-ea5ea09244b762008bba509d8c58bad5835fb949.zip