Marcus Meissner
76f90815e2
- The Linux kernel has the close_range(2) syscall, which current glibc uses to implement closefrom(3), which will then be used by openssh. Whitelist the new system call so closefrom does not fail or fall back to iterating /proc/self/fd (openssh-whitelist-syscalls.patch) OBS-URL: https://build.opensuse.org/request/show/907161 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=233
33 lines
633 B
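--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -195,6 +195,9 @@
 #ifdef __NR_close
 SC_ALLOW(__NR_close),
 #endif
+#ifdef __NR_close_range
+ SC_ALLOW(__NR_close_range),
+#endif
 #ifdef __NR_exit
 SC_ALLOW(__NR_exit),
 #endif
@@ -204,6 +207,9 @@
 #ifdef __NR_futex
 SC_ALLOW(__NR_futex),
 #endif
+#ifdef __NR_futex_time64
+ SC_ALLOW(__NR_futex_time64),
+#endif
 #ifdef __NR_geteuid
 SC_ALLOW(__NR_geteuid),
 #endif
@@ -282,6 +288,9 @@
 #ifdef __NR_pselect6
 SC_ALLOW(__NR_pselect6),
 #endif
+#ifdef __NR_pselect6_time64
+ SC_ALLOW(__NR_pselect6_time64),
+#endif
 #ifdef __NR_read
 SC_ALLOW(__NR_read),
 #endif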
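Review bot: The `SC_ALLOW(__NR_close_range)` entry in the first hunk admits the call with any flags value, although the stated purpose is only glibc's closefrom(3), which as far as I know passes flags 0. If this version of the file has the argument-matching macro, `SC_ALLOW_ARG(__NR_close_range, 2, 0),` would keep the allowance to that use and leave the flag variants (such as the fd-table unshare) denied. The hunks at -204 and -282 also add `__NR_futex_time64` and `__NR_pselect6_time64`, which the description does not mention; a short comment such as `/* 64-bit time_t variants on 32-bit architectures */` would record why they are allowed. The filter array starts and ends outside these hunks, so whether the other time64 variants are already listed cannot be checked here.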