forked from pool/openssh
252ed8ae18
fix broken seccomp sandbox OBS-URL: https://build.opensuse.org/request/show/392909 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=101
29 lines
823 B
Diff
29 lines
823 B
Diff
# HG changeset patch
|
|
# Parent 8c8249d4e830ade9dfa1d2294c6218bbe439cb4a
|
|
Allow the stat() syscall for OpenSSL re-seed patch
|
|
(which causes OpenSSL use stat() on some file)
|
|
|
|
bnc#912436
|
|
|
|
diff --git a/openssh-6.6p1/sandbox-seccomp-filter.c b/openssh-6.6p1/sandbox-seccomp-filter.c
|
|
--- a/openssh-6.6p1/sandbox-seccomp-filter.c
|
|
+++ b/openssh-6.6p1/sandbox-seccomp-filter.c
|
|
@@ -97,16 +97,17 @@ static const struct sock_filter preauth_
|
|
SC_ALLOW(gettimeofday),
|
|
SC_ALLOW(clock_gettime),
|
|
#ifdef __NR_time /* not defined on EABI ARM */
|
|
SC_ALLOW(time),
|
|
#endif
|
|
SC_ALLOW(read),
|
|
SC_ALLOW(write),
|
|
SC_ALLOW(close),
|
|
+ SC_ALLOW(stat),
|
|
#ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
|
|
SC_ALLOW(shutdown),
|
|
#endif
|
|
SC_ALLOW(brk),
|
|
SC_ALLOW(poll),
|
|
#ifdef __NR__newselect
|
|
SC_ALLOW(_newselect),
|
|
#else
|