[tor-commits] [tor/main] sandbox: Allow "clock_gettime64" syscall where defined

ahf at torproject.org ahf at torproject.org
Mon Nov 8 14:13:25 UTC 2021


commit f5980e60ed519cb8c5ceded7e04f8e63c842c782
Author: Simon South <simon at simonsouth.net>
Date:   Wed Nov 3 11:53:33 2021 -0400

    sandbox: Allow "clock_gettime64" syscall where defined
    
    On 32-bit architectures where Linux provides the "clock_gettime64" system call,
    including i386, glibc uses it in place of "clock_gettime".  Modify the sandbox
    implementation to match, to prevent Tor's monotonic-time functions (in
    src/lib/time/compat_time.c) failing when the sandbox is active.
---
 src/lib/sandbox/sandbox.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index a4e9cb7849..fb02a345ab 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -152,7 +152,11 @@ static sandbox_cfg_t *filter_dynamic = NULL;
 static int filter_nopar_gen[] = {
     SCMP_SYS(access),
     SCMP_SYS(brk),
+#ifdef __NR_clock_gettime64
+    SCMP_SYS(clock_gettime64),
+#else
     SCMP_SYS(clock_gettime),
+#endif
     SCMP_SYS(close),
     SCMP_SYS(clone),
     SCMP_SYS(dup),
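Review bot: The `#else` branch drops `SCMP_SYS(clock_gettime)` from `filter_nopar_gen` whenever `__NR_clock_gettime64` is defined, but that macro is a compile-time property of the build headers, while the syscall actually issued is decided at run time by libc and the running kernel. A binary built with headers that define `__NR_clock_gettime64` and then run where libc falls back to the legacy `clock_gettime` call (for example, on a kernel that does not implement the 64-bit variant) would hit the same sandbox failure this commit is fixing. Consider keeping `SCMP_SYS(clock_gettime),` unconditionally and adding `SCMP_SYS(clock_gettime64),` inside an `#ifdef __NR_clock_gettime64` / `#endif` pair with no `#else`; both calls take the same kind of arguments and only read a clock, so allowing the pair does not meaningfully widen the filter. A one-line comment above the `#ifdef` saying which libc and architectures need the 64-bit entry would also help the next person auditing this allow-list.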




