Allow restricted clock_nanosleep in Linux sandbox

To support glibc 2.30, allow clock_nanosleep in the baseline BPF
policy, with the same clock_id restrictions as clock_gettime and
other clock_* syscalls.

Bug: 1025739
Change-Id: Ic53a782fef01049bc61c535b50735a4a7d4c23c0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1935715
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#719421}
5 files changed