From 48d513b2d8ad963a9a566071e63b6d2f808e70eb Mon Sep 17 00:00:00 2001
From: Sjon Hortensius
Date: Wed, 20 Jun 2018 14:24:16 +0200
Subject: Fix #399 - whitelist clock_gettime in seccomp rules

---
 linux_priv.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'linux_priv.c')

diff --git a/linux_priv.c b/linux_priv.c
index 4aa905d..cc9aef3 100644
--- a/linux_priv.c
+++ b/linux_priv.c
@@ -33,6 +33,10 @@ void drop_privileges(void) {
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TIOCGWINSZ));
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TCGETS));
+#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
+    rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 0);
+#endif
+
 #ifdef MEMCACHED_DEBUG
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0);
     rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 0);
--
cgit v1.2.1
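Review bot: Gating the new allow rule on `#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)` ties the whitelist to whether memcached's own code is configured to call clock_gettime, but under a default-deny filter any other caller in the process (libc or event-loop internals, presumably) is still killed when those macros are absent, and `CLOCK_MONOTONIC` being undefined can also just mean this file never includes `<time.h>`, which would silently compile the rule out. On x86-64 the vDSO fast path hides the gap until the clocksource is not vDSO-capable (common in VMs), so the resulting SIGSYS looks intermittent rather than deterministic. Since clock_gettime is a read-only syscall with no meaningful attack surface, I would drop the `#if`/`#endif` and keep `rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 0);` alongside the other unconditional rules. On 32-bit targets newer libcs issue `clock_gettime64` instead (time64 ABI), so a matching `SCMP_SYS(clock_gettime64)` rule is worth adding where the libseccomp in use knows that name — confirm against the platforms actually built. The enclosing `drop_privileges` begins before and continues past this hunk.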