openssh: fix ppoll_time64 seccomp violation on 32-bit platforms.
Closes #35913.
This commit is contained in:
Leah Neukirchen
parent
84354867b4
commit
496e3f824d
|
|
@ -0,0 +1,26 @@
|
||||||
|
From 284b6e5394652d519e31782e3b3cdfd7b21d1a81 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Darren Tucker <dtucker@dtucker.net>
|
||||||
|
Date: Sat, 26 Feb 2022 14:06:14 +1100
|
||||||
|
Subject: [PATCH] Allow ppoll_time64 in seccomp sandbox.
|
||||||
|
|
||||||
|
Should fix sandbox violations on (some? at least i386 and armhf) 32bit
|
||||||
|
Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at
|
||||||
|
debian.org via bz#3396.
|
||||||
|
---
|
||||||
|
sandbox-seccomp-filter.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
|
||||||
|
index 2e065ba3ed..4ce80cb2a7 100644
|
||||||
|
--- a/sandbox-seccomp-filter.c
|
||||||
|
+++ b/sandbox-seccomp-filter.c
|
||||||
|
@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
|
||||||
|
#ifdef __NR_ppoll
|
||||||
|
SC_ALLOW(__NR_ppoll),
|
||||||
|
#endif
|
||||||
|
+#ifdef __NR_ppoll_time64
|
||||||
|
+ SC_ALLOW(__NR_ppoll_time64),
|
||||||
|
+#endif
|
||||||
|
#ifdef __NR_poll
|
||||||
|
SC_ALLOW(__NR_poll),
|
||||||
|
#endif
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'openssh'
|
# Template file for 'openssh'
|
||||||
pkgname=openssh
|
pkgname=openssh
|
||||||
version=8.9p1
|
version=8.9p1
|
||||||
revision=1
|
revision=2
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
configure_args="--datadir=/usr/share/openssh
|
configure_args="--datadir=/usr/share/openssh
|
||||||
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
|
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue