Attachment #2927 for bug #2142

View | Details | Raw Unified | Return to bug 2142 | Differences between
Collapse All | Expand All




#endif
#ifdef __NR_clock_gettime
	SC_ALLOW(clock_gettime),
# if defined(__x86_64__) && defined(__ILP32__)
	/* On Linux x32, the clock_gettime VDSO currently falls back to the
	 * x86-64 syscall (see https://bugs.debian.org/849923), so allow
	 * that too.
	 */
	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K,
	    __NR_clock_gettime & ~__X32_SYSCALL_BIT, 0, 1),
	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
# endif
#endif
#ifdef __NR_close
	SC_ALLOW(close),
- 

Return to bug 2142

Lines 137-142 static const struct sock_filter preauth_insns[] = { Link Here

(-)a/sandbox-seccomp-filter.c (-1 / +9 lines)
137	#endif	137	#endif
138	#ifdef __NR_clock_gettime	138	#ifdef __NR_clock_gettime
139	SC_ALLOW(clock_gettime),	139	SC_ALLOW(clock_gettime),
		140	# if defined(__x86_64__) && defined(__ILP32__)
		141	/* On Linux x32, the clock_gettime VDSO currently falls back to the
		142	* x86-64 syscall (see https://bugs.debian.org/849923), so allow
		143	* that too.
		144	*/
		145	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K,
		146	__NR_clock_gettime & ~__X32_SYSCALL_BIT, 0, 1),
		147	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
		148	# endif
140	#endif	149	#endif
141	#ifdef __NR_close	150	#ifdef __NR_close
142	SC_ALLOW(close),	151	SC_ALLOW(close),
143	-