Index: sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc |
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc |
index 45de129e24be031c0a2e729f2a8e07af31e56572..eb2a3077cc5a94714bc1612007f288a3367375b1 100644 |
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc |
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc |
@@ -126,6 +126,10 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, |
return Allow(); |
#endif |
+ if (sysno == __NR_clock_gettime) { |
+ return RestrictClockID(); |
+ } |
+ |
if (sysno == __NR_clone) { |
return RestrictCloneToThreadsAndEPERMFork(); |
} |