allow clock_gettime and a bit of fmt

alpine on amd64 (under OpenBSD vmd) tries to do a clock_gettime. I don't know why, but it doesn't seem a problem to allow it.
author: Omar Polo <op@omarpolo.com> 2021-01-20 16:19:54 +0000
committer: Omar Polo <op@omarpolo.com> 2021-01-20 16:19:54 +0000
commit: f2b3a5193f96ab48bae4463654c67af706a18cdd (patch)
tree: d3ba8e8d3bb0a7c4f84c9a72d5f63afd3089a89b /sandbox.c
parent: 3c0375e405857c074c428ddb3330d6286fcc47aa (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/sandbox.c b/sandbox.c
index 3d3b619..437755f 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -161,9 +161,13 @@ sandbox()
 		/* XXX: ??? */
 		SC_ALLOW(getpid),
 
+		/* alpine on amd64 does a clock_gettime(2) */
+		SC_ALLOW(clock_gettime),
+
 		SC_ALLOW(exit),
 		SC_ALLOW(exit_group),
-                /* allow only F_GETFL and F_SETFL fcntl */
+
+		/* allow only F_GETFL and F_SETFL fcntl */
 		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fcntl, 0, 6),
 		BPF_STMT(BPF_LD  | BPF_W | BPF_ABS,
 		    (offsetof(struct seccomp_data, args[1]))),
@@ -172,7 +176,7 @@ sandbox()
 		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, F_SETFL, 0, 1),
 		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
 		BPF_STMT(BPF_RET | BPF_K, SC_FAIL),
-                /* re-load the syscall number */
+		/* re-load the syscall number */
 		BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
 		    (offsetof(struct seccomp_data, nr))),
author	Omar Polo <op@omarpolo.com>	2021-01-20 16:19:54 +0000
committer	Omar Polo <op@omarpolo.com>	2021-01-20 16:19:54 +0000
commit	f2b3a5193f96ab48bae4463654c67af706a18cdd (patch)
tree	d3ba8e8d3bb0a7c4f84c9a72d5f63afd3089a89b /sandbox.c
parent	3c0375e405857c074c428ddb3330d6286fcc47aa (diff)