Index: components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc |
diff --git a/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc b/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc |
index e123523de2b0b0444abeceaa83bfb326e1b7aa5d..8071d4f4487aae945aefa7a66a4b4748e6db0b51 100644 |
--- a/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc |
+++ b/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc |
@@ -74,6 +74,7 @@ ErrorCode NaClBPFSandboxPolicy::EvaluateSyscall( |
sandbox::SandboxBPF* sb, int sysno) const { |
DCHECK(baseline_policy_); |
switch (sysno) { |
+ case __NR_clone: // TODO(jln): restrict parameters. |
// TODO(jln): NaCl's GDB debug stub uses the following socket system calls, |
// see if it can be restricted a bit. |
#if defined(__x86_64__) || defined(__arm__) |