forked from rpms/openssh
Enable seccomp sandboxing after resolving problems with audit patch (#1062953)
This commit is contained in:
parent
b552eb6714
commit
0a4ac4f4d3
@ -2373,3 +2373,17 @@ index 4554b09..226a494 100644
|
|||||||
int sshkey_is_cert(const struct sshkey *);
|
int sshkey_is_cert(const struct sshkey *);
|
||||||
int sshkey_type_is_cert(int);
|
int sshkey_type_is_cert(int);
|
||||||
int sshkey_type_plain(int);
|
int sshkey_type_plain(int);
|
||||||
|
|
||||||
|
diff -U3 openssh-6.6p1/sandbox-seccomp-filter.c openssh-6.6p1.seccomp/sandbox-seccomp-filter.c
|
||||||
|
--- openssh-6.6p1/sandbox-seccomp-filter.c 2014-02-06 01:17:50.000000000 +0100
|
||||||
|
+++ openssh-6.6p1.seccomp/sandbox-seccomp-filter.c 2015-02-11 09:07:10.885000000 +0100
|
||||||
|
@@ -95,6 +95,9 @@
|
||||||
|
#ifdef __NR_time /* not defined on EABI ARM */
|
||||||
|
SC_ALLOW(time),
|
||||||
|
#endif
|
||||||
|
+#ifdef SSH_AUDIT_EVENTS
|
||||||
|
+ SC_ALLOW(getuid),
|
||||||
|
+#endif
|
||||||
|
SC_ALLOW(read),
|
||||||
|
SC_ALLOW(write),
|
||||||
|
SC_ALLOW(close),
|
||||||
|
@ -506,12 +506,7 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
%if %{WITH_SELINUX}
|
%if %{WITH_SELINUX}
|
||||||
--with-selinux --with-audit=linux \
|
--with-selinux --with-audit=linux \
|
||||||
%if 0
|
|
||||||
#seccomp_filter cannot be build right now
|
|
||||||
--with-sandbox=seccomp_filter \
|
--with-sandbox=seccomp_filter \
|
||||||
%else
|
|
||||||
--with-sandbox=rlimit \
|
|
||||||
%endif
|
|
||||||
%endif
|
%endif
|
||||||
%if %{kerberos5}
|
%if %{kerberos5}
|
||||||
--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
|
--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
|
||||||
|
Loading…
Reference in New Issue
Block a user