From 483ca6752db2e56339bba084102acd6e68610901 Mon Sep 17 00:00:00 2001
From: "Nicholas J. Kain"
Date: Sun, 22 Jul 2012 09:49:51 -0400
Subject: [PATCH] Whitelist syscalls provided by vDSO.

---
 ifchd/ifchd.c | 5 +++++
 ndhc/ndhc.c | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/ifchd/ifchd.c b/ifchd/ifchd.c
index 36d03d7..ea42eb1 100644
--- a/ifchd/ifchd.c
+++ b/ifchd/ifchd.c
@@ -153,6 +153,11 @@ static int enforce_seccomp(void)
 #ifdef __NR_sigreturn
 ALLOW_SYSCALL(sigreturn),
 #endif
+ // Allowed by vDSO
+ ALLOW_SYSCALL(getcpu),
+ ALLOW_SYSCALL(time),
+ ALLOW_SYSCALL(gettimeofday),
+
 ALLOW_SYSCALL(exit_group),
 ALLOW_SYSCALL(exit),
 KILL_PROCESS,
diff --git a/ndhc/ndhc.c b/ndhc/ndhc.c
index dde2247..e088b7f 100644
--- a/ndhc/ndhc.c
+++ b/ndhc/ndhc.c
@@ -134,6 +134,12 @@ static int enforce_seccomp(void)
 ALLOW_SYSCALL(connect),
 ALLOW_SYSCALL(getsockname),
 
+ // Allowed by vDSO
+ ALLOW_SYSCALL(getcpu),
+ ALLOW_SYSCALL(time),
+ ALLOW_SYSCALL(gettimeofday),
+ ALLOW_SYSCALL(clock_gettime),
+
 // These are for 'write_leasefile()'
 ALLOW_SYSCALL(ftruncate),
 ALLOW_SYSCALL(lseek),
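Review bot: The `// Allowed by vDSO` comment added in the ifchd/ifchd.c hunk reads as if the vDSO did the allowing, when the reason to whitelist `getcpu`, `time` and `gettimeofday` is the opposite: the vDSO normally answers them in user space so the seccomp filter never sees them, but it falls back to the real syscall when it cannot (a clocksource the vDSO cannot read, or a kernel/architecture without the fast path), and that fallback would otherwise hit `KILL_PROCESS`. Suggest `// Normally serviced by the vDSO in user space, but it can fall back to the real syscall, which must then pass the filter`; the same wording applies to the ndhc/ndhc.c hunk. ifchd.c gains `getcpu`/`time`/`gettimeofday` while ndhc.c additionally gains `clock_gettime`, so if ifchd's time handling can also reach `clock_gettime` (not visible here) the two lists should be brought in line. Since the surrounding code guards `sigreturn` with `#ifdef __NR_sigreturn`, the `time` entry, which is not present in every architecture's syscall table, probably deserves the same `#ifdef __NR_time` guard in both files. The body of `enforce_seccomp` extends outside both hunks.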