# HG changeset patch
# Parent  004731f82470b22b9bd563ef3216034cf00ba133
add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread
from being killed by the seccomp filter

diff --git a/openssh-7.6p1/sandbox-seccomp-filter.c b/openssh-7.6p1/sandbox-seccomp-filter.c
--- a/openssh-7.6p1/sandbox-seccomp-filter.c
+++ b/openssh-7.6p1/sandbox-seccomp-filter.c
@@ -173,16 +173,22 @@ static const struct sock_filter preauth_
 	SC_ALLOW(__NR_getpid),
 #endif
 #ifdef __NR_getrandom
 	SC_ALLOW(__NR_getrandom),
 #endif
 #ifdef __NR_gettimeofday
 	SC_ALLOW(__NR_gettimeofday),
 #endif
+#ifdef __NR_getuid
+	SC_ALLOW(__NR_getuid),
+#endif
+#ifdef __NR_getuid32
+	SC_ALLOW(__NR_getuid32),
+#endif
 #ifdef __NR_madvise
 	SC_ALLOW(__NR_madvise),
 #endif
 #ifdef __NR_mmap
 	SC_ALLOW(__NR_mmap),
 #endif
 #ifdef __NR_mmap2
 	SC_ALLOW(__NR_mmap2),