Fix #399 - whitelist clock_gettime in seccomp rules

author: Sjon Hortensius <sjon@hortensius.net> 2018-06-20 14:24:16 +0200
committer: dormando <dormando@rydia.net> 2018-06-27 00:10:12 -0700
commit: 48d513b2d8ad963a9a566071e63b6d2f808e70eb (patch)
tree: 8b2e4875ae370b4e12e5273a20e4d8cf72dd151c /linux_priv.c
parent: 172b16c9b23ae5dfa1b4867a72448c5da5a5a97a (diff)
download: memcached-48d513b2d8ad963a9a566071e63b6d2f808e70eb.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/linux_priv.c b/linux_priv.c
index 4aa905d..cc9aef3 100644
--- a/linux_priv.c
+++ b/linux_priv.c
@@ -33,6 +33,10 @@ void drop_privileges(void) {
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TIOCGWINSZ));
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TCGETS));
 
+#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 0);
+#endif
+
 #ifdef MEMCACHED_DEBUG
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0);
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 0);
author	Sjon Hortensius <sjon@hortensius.net>	2018-06-20 14:24:16 +0200
committer	dormando <dormando@rydia.net>	2018-06-27 00:10:12 -0700
commit	48d513b2d8ad963a9a566071e63b6d2f808e70eb (patch)
tree	8b2e4875ae370b4e12e5273a20e4d8cf72dd151c /linux_priv.c
parent	172b16c9b23ae5dfa1b4867a72448c5da5a5a97a (diff)
download	memcached-48d513b2d8ad963a9a566071e63b6d2f808e70eb.tar.gz