authorAndrei Vagin <avagin@google.com>2021-02-24 11:34:08 -0800
committergVisor bot <gvisor-bot@google.com>2021-02-24 11:36:59 -0800
commit055073f11813a7b675cb19aa6c540a667cd746a5 (patch)
tree9723f7c65906d15fc219c388a63a2e3c6404a354
parentacd516cfe2920006a5d2760c78bd2245d498023a (diff)
runsc/filters: permit clock_nanosleep for race
Syzkaller hosts contain many audit messages showing that runsc tries to call the clock_nanosleep syscall. PiperOrigin-RevId: 359331413
-rw-r--r--runsc/boot/filter/extra_filters_race.go1
-rw-r--r--runsc/fsgofer/filter/extra_filters_race.go1
2 files changed, 2 insertions, 0 deletions
diff --git a/runsc/boot/filter/extra_filters_race.go b/runsc/boot/filter/extra_filters_race.go
index 9ff80276a..5b99eb8cd 100644
--- a/runsc/boot/filter/extra_filters_race.go
+++ b/runsc/boot/filter/extra_filters_race.go
@@ -27,6 +27,7 @@ func instrumentationFilters() seccomp.SyscallRules {
Report("TSAN is enabled: syscall filters less restrictive!")
return seccomp.SyscallRules{
syscall.SYS_BRK: {},
+ syscall.SYS_CLOCK_NANOSLEEP: {},
syscall.SYS_CLONE: {},
syscall.SYS_FUTEX: {},
syscall.SYS_MMAP: {},
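Review bot: The new `syscall.SYS_CLOCK_NANOSLEEP: {},` entry in instrumentationFilters has no comment naming the caller, so a later audit of this race-only allowlist cannot tell whether the allowance is still needed. The commit message only says audit logs showed runsc attempting the call; if the TSAN runtime is the source (likely, but not shown here), record that next to the entry, e.g. `// Called by the TSAN runtime; seen as seccomp audit events on race builds.` The empty rule appears to match any arguments, like its neighbours, which is acceptable for a sleep syscall but worth stating in the same comment. The same applies to the identical addition in runsc/fsgofer/filter/extra_filters_race.go, and the function body continues outside both hunks.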
diff --git a/runsc/fsgofer/filter/extra_filters_race.go b/runsc/fsgofer/filter/extra_filters_race.go
index 20a0732be..cbd5c487e 100644
--- a/runsc/fsgofer/filter/extra_filters_race.go
+++ b/runsc/fsgofer/filter/extra_filters_race.go
@@ -28,6 +28,7 @@ func instrumentationFilters() seccomp.SyscallRules {
log.Warningf("*** SECCOMP WARNING: TSAN is enabled: syscall filters less restrictive!")
return seccomp.SyscallRules{
syscall.SYS_BRK: {},
+ syscall.SYS_CLOCK_NANOSLEEP: {},
syscall.SYS_CLONE: {},
syscall.SYS_FUTEX: {},
syscall.SYS_MADVISE: {},