openssh/openssh-whitelist-syscalls.patch

35 lines
927 B
Diff

Index: openssh-8.8p1/sandbox-seccomp-filter.c
===================================================================
--- openssh-8.8p1.orig/sandbox-seccomp-filter.c
+++ openssh-8.8p1/sandbox-seccomp-filter.c
@@ -201,6 +201,9 @@ static const struct sock_filter preauth_
#ifdef __NR_close
SC_ALLOW(__NR_close),
#endif
+#ifdef __NR_close_range
+ SC_ALLOW(__NR_close_range),
+#endif
#ifdef __NR_exit
SC_ALLOW(__NR_exit),
#endif
@@ -213,6 +216,9 @@ static const struct sock_filter preauth_
#ifdef __NR_futex_time64
SC_FUTEX(__NR_futex_time64),
#endif
+#ifdef __NR_futex_time64
+ SC_ALLOW(__NR_futex_time64),
+#endif
#ifdef __NR_geteuid
SC_ALLOW(__NR_geteuid),
#endif
@@ -293,6 +299,9 @@ static const struct sock_filter preauth_
#endif
#ifdef __NR_pselect6_time64
SC_ALLOW(__NR_pselect6_time64),
+#endif
+#ifdef __NR_pselect6_time64
+ SC_ALLOW(__NR_pselect6_time64),
#endif
#ifdef __NR_read
SC_ALLOW(__NR_read),