- openssh-6.5p1-seccomp_getuid.patch: re-enabling the seccomp sandbox

(allowing use of the getuid syscall) (bnc#864171)

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=68

openssh-6.5p1-seccomp_getuid.patch

@@ -6,7 +6,7 @@ from being killed by the seccomp filter
 diff --git a/openssh-6.5p1/sandbox-seccomp-filter.c b/openssh-6.5p1/sandbox-seccomp-filter.c
 --- a/openssh-6.5p1/sandbox-seccomp-filter.c
 +++ b/openssh-6.5p1/sandbox-seccomp-filter.c
-@@ -85,16 +85,18 @@ static const struct sock_filter preauth_
+@@ -85,16 +85,20 @@ static const struct sock_filter preauth_
  		offsetof(struct seccomp_data, arch)),
  	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
  	BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
@@ -16,7 +16,9 @@ diff --git a/openssh-6.5p1/sandbox-seccomp-filter.c b/openssh-6.5p1/sandbox-secc
  	SC_DENY(open, EACCES),
  	SC_ALLOW(getpid),
 +	SC_ALLOW(getuid),
++#ifdef __NR_getuid32
 +	SC_ALLOW(getuid32),
++#endif
  	SC_ALLOW(gettimeofday),
  	SC_ALLOW(clock_gettime),
  #ifdef __NR_time /* not defined on EABI ARM */

openssh.changes

@@ -1,14 +1,8 @@
 -------------------------------------------------------------------
 Tue Feb 18 12:56:31 UTC 2014 - pcerny@suse.com
 
-- re-enabling the seccomp sandbox
+- openssh-6.5p1-seccomp_getuid.patch: re-enabling the seccomp sandbox
-  (allowing use of getuid the syscall)
+  (allowing use of the getuid syscall) (bnc#864171)
-
--------------------------------------------------------------------
-Mon Feb 17 11:29:21 UTC 2014 - pcerny@suse.com
-
-- reverting to rlimit sandbox even for newer distributions, since
-  it seems not to work properly (bnc#864171)
 
 -------------------------------------------------------------------
 Wed Feb 12 01:24:16 UTC 2014 - pcerny@suse.com