Allow nanosleep in preauth privsep child.
The new timing attack mitigation code uses nanosleep in the preauth codepath, allow in sandbox.
This commit is contained in:
parent
e9d910b028
commit
0e73428038
|
@ -193,6 +193,9 @@ static const struct sock_filter preauth_insns[] = {
|
||||||
#ifdef __NR_munmap
|
#ifdef __NR_munmap
|
||||||
SC_ALLOW(__NR_munmap),
|
SC_ALLOW(__NR_munmap),
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef __NR_nanosleep
|
||||||
|
SC_ALLOW(__NR_nanosleep),
|
||||||
|
#endif
|
||||||
#ifdef __NR__newselect
|
#ifdef __NR__newselect
|
||||||
SC_ALLOW(__NR__newselect),
|
SC_ALLOW(__NR__newselect),
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in New Issue