# HG changeset patch
# Parent  85f3cd6c8291c7feb0c1e7a0a3645c130532d206
Add the 'geteuid' syscall to allowed list, since it may becalled on the
mainframes when OpenSSL is using hardware crypto accelerator via libica
(via ibmica)

bsc#1004258

diff --git a/openssh-7.6p1/sandbox-seccomp-filter.c b/openssh-7.6p1/sandbox-seccomp-filter.c
--- a/openssh-7.6p1/sandbox-seccomp-filter.c
+++ b/openssh-7.6p1/sandbox-seccomp-filter.c
@@ -161,16 +161,22 @@ static const struct sock_filter preauth_
 	SC_ALLOW(__NR_close),
 #endif
 #ifdef __NR_exit
 	SC_ALLOW(__NR_exit),
 #endif
 #ifdef __NR_exit_group
 	SC_ALLOW(__NR_exit_group),
 #endif
+#ifdef __NR_geteuid
+	SC_ALLOW(__NR_geteuid),
+#endif
+#ifdef __NR_geteuid32
+	SC_ALLOW(__NR_geteuid32),
+#endif
 #ifdef __NR_getpgid
 	SC_ALLOW(__NR_getpgid),
 #endif
 #ifdef __NR_getpid
 	SC_ALLOW(__NR_getpid),
 #endif
 #ifdef __NR_getrandom
 	SC_ALLOW(__NR_getrandom),