35 lines
904 B
Diff
35 lines
904 B
Diff
|
# HG changeset patch
|
||
|
# Parent 85f3cd6c8291c7feb0c1e7a0a3645c130532d206
|
||
|
Add the 'geteuid' syscall to allowed list, since it may becalled on the
|
||
|
mainframes when OpenSSL is using hardware crypto accelerator via libica
|
||
|
(via ibmica)
|
||
|
|
||
|
bsc#1004258
|
||
|
|
||
|
diff --git a/openssh-7.6p1/sandbox-seccomp-filter.c b/openssh-7.6p1/sandbox-seccomp-filter.c
|
||
|
--- a/openssh-7.6p1/sandbox-seccomp-filter.c
|
||
|
+++ b/openssh-7.6p1/sandbox-seccomp-filter.c
|
||
|
@@ -161,16 +161,22 @@ static const struct sock_filter preauth_
|
||
|
SC_ALLOW(__NR_close),
|
||
|
#endif
|
||
|
#ifdef __NR_exit
|
||
|
SC_ALLOW(__NR_exit),
|
||
|
#endif
|
||
|
#ifdef __NR_exit_group
|
||
|
SC_ALLOW(__NR_exit_group),
|
||
|
#endif
|
||
|
+#ifdef __NR_geteuid
|
||
|
+ SC_ALLOW(__NR_geteuid),
|
||
|
+#endif
|
||
|
+#ifdef __NR_geteuid32
|
||
|
+ SC_ALLOW(__NR_geteuid32),
|
||
|
+#endif
|
||
|
#ifdef __NR_getpgid
|
||
|
SC_ALLOW(__NR_getpgid),
|
||
|
#endif
|
||
|
#ifdef __NR_getpid
|
||
|
SC_ALLOW(__NR_getpid),
|
||
|
#endif
|
||
|
#ifdef __NR_getrandom
|
||
|
SC_ALLOW(__NR_getrandom),
|