commit f2b3a5193f96ab48bae4463654c67af706a18cdd from: Omar Polo date: Wed Jan 20 16:19:54 2021 UTC allow clock_gettime and a bit of fmt alpine on amd64 (under OpenBSD vmd) tries to do a clock_gettime. I don't know why, but it doesn't seem a problem to allow it. commit - 3c0375e405857c074c428ddb3330d6286fcc47aa commit + f2b3a5193f96ab48bae4463654c67af706a18cdd blob - 3d3b6195a0debd845efda2f404cee2e087c87091 blob + 437755ffb43ee1e95ad1dd1ce237bb69783f1d3c --- sandbox.c +++ sandbox.c @@ -161,9 +161,13 @@ sandbox() /* XXX: ??? */ SC_ALLOW(getpid), + /* alpine on amd64 does a clock_gettime(2) */ + SC_ALLOW(clock_gettime), + SC_ALLOW(exit), SC_ALLOW(exit_group), - /* allow only F_GETFL and F_SETFL fcntl */ + + /* allow only F_GETFL and F_SETFL fcntl */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fcntl, 0, 6), BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (offsetof(struct seccomp_data, args[1]))), @@ -172,7 +176,7 @@ sandbox() BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, F_SETFL, 0, 1), BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET | BPF_K, SC_FAIL), - /* re-load the syscall number */ + /* re-load the syscall number */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (offsetof(struct seccomp_data, nr))),
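Review bot: The comment added above `SC_ALLOW(clock_gettime)` in the first hunk records where the syscall was seen but not why it reaches the filter, so a later reader cannot judge whether the allowance is still needed or is specific to that guest. On amd64 clock_gettime is normally answered from the vDSO and only becomes a real syscall when the kernel's clocksource cannot be read from userspace; that is plausible under vmd but is an inference, not something the diff shows. A comment along the lines of `/* clock_gettime(2) hits the kernel when the vDSO falls back to the syscall (seen on alpine/amd64 under vmd) */` would capture it. If the filter is also built for 32-bit targets whose libc uses a 64-bit time_t, the same call may arrive as `clock_gettime64`, which the visible list does not allow; an entry guarded by `#ifdef __NR_clock_gettime64` would cover that case. The filter array in sandbox() starts and ends outside the hunk, so the default action for unlisted syscalls cannot be checked from here.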