Allow nanosleep in preauth privsep child.

The new timing attack mitigation code uses nanosleep in the preauth codepath, allow in sandbox.
author: Darren Tucker <dtucker@dtucker.net> 2018-04-13 16:06:29 +1000
committer: Darren Tucker <dtucker@dtucker.net> 2018-04-13 16:06:29 +1000
commit: 0e73428038d5ecfa5d2a28cff26661502a7aff4e (patch)
tree: c54abba8e6f44872dacff95d8fa201223ff07515 /sandbox-seccomp-filter.c
parent: e9d910b0289c820852f7afa67f584cef1c05fe95 (diff)
download: openssh-git-0e73428038d5ecfa5d2a28cff26661502a7aff4e.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index ca75cc71..a189b2fb 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -193,6 +193,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_munmap
 	SC_ALLOW(__NR_munmap),
 #endif
+#ifdef __NR_nanosleep
+	SC_ALLOW(__NR_nanosleep),
+#endif
 #ifdef __NR__newselect
 	SC_ALLOW(__NR__newselect),
 #endif
author	Darren Tucker <dtucker@dtucker.net>	2018-04-13 16:06:29 +1000
committer	Darren Tucker <dtucker@dtucker.net>	2018-04-13 16:06:29 +1000
commit	0e73428038d5ecfa5d2a28cff26661502a7aff4e (patch)
tree	c54abba8e6f44872dacff95d8fa201223ff07515 /sandbox-seccomp-filter.c
parent	e9d910b0289c820852f7afa67f584cef1c05fe95 (diff)
download	openssh-git-0e73428038d5ecfa5d2a28cff26661502a7aff4e.tar.gz