forked from pool/openssh
b71bd2f41b
- Add patches to fix the sandbox blocking glibc on 32bit platforms (boo#1164061): * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch * openssh-8.1p1-seccomp-clock_gettime64.patch OBS-URL: https://build.opensuse.org/request/show/775237 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=203
26 lines
811 B
Diff
26 lines
811 B
Diff
From b110cefdfbf5a20f49b774a55062d6ded2fb6e22 Mon Sep 17 00:00:00 2001
|
|
From: Khem Raj <raj.khem@gmail.com>
|
|
Date: Tue, 7 Jan 2020 16:26:45 -0800
|
|
Subject: [PATCH] seccomp: Allow clock_gettime64() in sandbox.
|
|
|
|
This helps sshd accept connections on mips platforms with
|
|
upcoming glibc ( 2.31 )
|
|
---
|
|
sandbox-seccomp-filter.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
|
|
index 3ef30c9d5..999c46c9f 100644
|
|
--- a/sandbox-seccomp-filter.c
|
|
+++ b/sandbox-seccomp-filter.c
|
|
@@ -248,6 +248,9 @@ static const struct sock_filter preauth_insns[] = {
|
|
#ifdef __NR_clock_nanosleep_time64
|
|
SC_ALLOW(__NR_clock_nanosleep_time64),
|
|
#endif
|
|
+#ifdef __NR_clock_gettime64
|
|
+ SC_ALLOW(__NR_clock_gettime64),
|
|
+#endif
|
|
#ifdef __NR__newselect
|
|
SC_ALLOW(__NR__newselect),
|
|
#endif
|