Accepting request 607030 from network

Enable wait4(), sysinfo(), and shutdown() syscalls in seccomp sandbox. These are required for the daemon to work properly on SLE-15. [bsc#1089088]

OBS-URL: https://build.opensuse.org/request/show/607030
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=65

vsftpd-enable-syscalls-needed-by-sle15.patch

@@ -0,0 +1,18 @@
+Index: vsftpd-3.0.3/seccompsandbox.c
+===================================================================
+--- vsftpd-3.0.3.orig/seccompsandbox.c	2018-04-25 06:34:52.154728803 +0000
++++ vsftpd-3.0.3/seccompsandbox.c	2018-04-25 06:37:43.071314942 +0000
+@@ -306,6 +306,13 @@ seccomp_sandbox_setup_base()
+   allow_nr(__NR_restart_syscall);
+   allow_nr(__NR_close);
+   
++  /* Required on SLE-15 because of changes in 3rd party libraries.
++   * Reported in bsc#1089088.
++   */
++  allow_nr(__NR_wait4);
++  allow_nr(__NR_sysinfo);
++  allow_nr(__NR_shutdown);
++
+  /*
+   * Calls to alarm and date
+   * Seems to be some part of the logging

vsftpd.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Apr 25 06:32:25 UTC 2018 - psimons@suse.com
+
+- vsftpd-enable-syscalls-needed-by-sle15.patch: Enable wait4(),
+  sysinfo(), and shutdown() syscalls in seccomp sandbox. These are
+  required for the daemon to work properly on SLE-15. [bsc#1089088]
+
 -------------------------------------------------------------------
 Tue Apr  3 11:48:08 UTC 2018 - vcizek@suse.com
 

vsftpd.spec

@@ -82,6 +82,7 @@ Patch27:        vsftpd-mdtm-in-utc.patch
 Patch28:        vsftpd-die-with-session.patch
 Patch29:        vsftpd-append-seek-pipe.patch
 Patch30:        vsftpd-3.0.3-address_space_limit.patch
+Patch31:        vsftpd-enable-syscalls-needed-by-sle15.patch
 BuildRequires:  libcap-devel
 BuildRequires:  libopenssl-devel
 BuildRequires:  pam-devel
@@ -144,6 +145,7 @@ tests.
 %patch28 -p1
 %patch29 -p1
 %patch30 -p1
+%patch31 -p1
 
 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP