From: Philipp Stephani <phst@google.com>
Date: Sun, 11 Apr 2021 17:42:44 +0000 (+0200)
Subject: Seccomp filter: allow reading the current time (Bug#47708).
X-Git-Tag: emacs-28.0.90~2904
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=ea5ea09244b762008bba509d8c58bad5835fb949;p=emacs.git

Seccomp filter: allow reading the current time (Bug#47708).

* lib-src/seccomp-filter.c (main): Allow reading the current time.
---

diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index e4d56e01b4d..9d25a5fe142 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -40,6 +40,7 @@ human-readable representation to out.pfc.  */
 #include <stdlib.h>
 #include <stdint.h>
 #include <stdio.h>
+#include <time.h>
 
 #include <sys/ioctl.h>
 #include <sys/mman.h>
@@ -286,6 +287,12 @@ main (int argc, char **argv)
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (sigprocmask));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (rt_sigprocmask));
 
+  /* Allow reading the current time.  */
+  RULE (SCMP_ACT_ALLOW, SCMP_SYS (clock_gettime),
+        SCMP_A0_32 (SCMP_CMP_EQ, CLOCK_REALTIME));
+  RULE (SCMP_ACT_ALLOW, SCMP_SYS (time));
+  RULE (SCMP_ACT_ALLOW, SCMP_SYS (gettimeofday));
+
   /* Allow timer support.  */
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (timer_create));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (timerfd_create));