Allow nanosleep in preauth privsep child.

The new timing attack mitigation code uses nanosleep in the preauth
codepath, allow in sandbox.
This commit is contained in:
Darren Tucker 2018-04-13 16:06:29 +10:00
parent e9d910b028
commit 0e73428038
1 changed files with 3 additions and 0 deletions

View File

@ -193,6 +193,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_munmap #ifdef __NR_munmap
SC_ALLOW(__NR_munmap), SC_ALLOW(__NR_munmap),
#endif #endif
#ifdef __NR_nanosleep
SC_ALLOW(__NR_nanosleep),
#endif
#ifdef __NR__newselect #ifdef __NR__newselect
SC_ALLOW(__NR__newselect), SC_ALLOW(__NR__newselect),
#endif #endif