forked from pool/openssh
b71bd2f41b
- Add patches to fix the sandbox blocking glibc on 32bit platforms (boo#1164061): * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch * openssh-8.1p1-seccomp-clock_gettime64.patch OBS-URL: https://build.opensuse.org/request/show/775237 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=203
25 lines
837 B
Diff
25 lines
837 B
Diff
From 5af6fd5461bb709304e6979c8b7856c7af921c9e Mon Sep 17 00:00:00 2001
|
|
From: Darren Tucker <dtucker@dtucker.net>
|
|
Date: Mon, 16 Dec 2019 13:55:56 +1100
|
|
Subject: [PATCH] Allow clock_nanosleep_time64 in seccomp sandbox.
|
|
|
|
Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com.
|
|
---
|
|
sandbox-seccomp-filter.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
Index: openssh-8.1p1/sandbox-seccomp-filter.c
|
|
===================================================================
|
|
--- openssh-8.1p1.orig/sandbox-seccomp-filter.c
|
|
+++ openssh-8.1p1/sandbox-seccomp-filter.c
|
|
@@ -251,6 +251,9 @@ static const struct sock_filter preauth_
|
|
#ifdef __NR_clock_nanosleep
|
|
SC_ALLOW(__NR_clock_nanosleep),
|
|
#endif
|
|
+#ifdef __NR_clock_nanosleep_time64
|
|
+ SC_ALLOW(__NR_clock_nanosleep_time64),
|
|
+#endif
|
|
#ifdef __NR__newselect
|
|
SC_ALLOW(__NR__newselect),
|
|
#endif
|