From f5980e60ed519cb8c5ceded7e04f8e63c842c782 Mon Sep 17 00:00:00 2001
From: Simon South
Date: Wed, 3 Nov 2021 11:53:33 -0400
Subject: [PATCH] sandbox: Allow "clock_gettime64" syscall where defined

On 32-bit architectures where Linux provides the "clock_gettime64" system call, including i386, glibc uses it in place of "clock_gettime". Modify the sandbox implementation to match, to prevent Tor's monotonic-time functions (in src/lib/time/compat_time.c) failing when the sandbox is active.
---
 src/lib/sandbox/sandbox.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index a4e9cb7849..fb02a345ab 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -152,7 +152,11 @@ static sandbox_cfg_t *filter_dynamic = NULL;
 static int filter_nopar_gen[] = {
 SCMP_SYS(access),
 SCMP_SYS(brk),
+#ifdef __NR_clock_gettime64
+ SCMP_SYS(clock_gettime64),
+#else
 SCMP_SYS(clock_gettime),
+#endif
 SCMP_SYS(close),
 SCMP_SYS(clone),
 SCMP_SYS(dup),
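Review bot: The `#else` makes the two allowlist entries mutually exclusive, so a build whose headers define `__NR_clock_gettime64` no longer permits plain `clock_gettime` in `filter_nopar_gen`. That choice is fixed at compile time from the kernel headers, while the syscall actually issued depends on the running kernel and libc; glibc, as far as I know, falls back to `clock_gettime` when the 64-bit call returns ENOSYS, and that fallback would then be rejected by the filter. Both calls expose the same clock read, so allowing both adds no meaningful attack surface: keep `SCMP_SYS(clock_gettime),` unconditional and wrap only `SCMP_SYS(clock_gettime64),` in `#ifdef __NR_clock_gettime64` / `#endif`. A comment above the entry such as `/* 32-bit glibc prefers clock_gettime64 where the kernel has it; allow both so the fallback is not blocked */` would record why two entries exist. The array initializer continues past the end of the hunk.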