forked from rpms/openssh
Unbreak seccomp filter with latest glibc (#1771946)
This commit is contained in:
parent
36fef5669a
commit
6a2fce44b5
21
openssh-8.1p1-seccomp-nanosleep.patch
Normal file
21
openssh-8.1p1-seccomp-nanosleep.patch
Normal file
@ -0,0 +1,21 @@
|
||||
commit 7e929163ed40f9ce90060a3ca6df558c3d901379
|
||||
Author: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Wed Nov 13 12:57:05 2019 +0100
|
||||
|
||||
seccomp: Allow clock_nanosleep() to make OpenSSH working with latest glibc
|
||||
|
||||
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
|
||||
index b5cda70b..be239767 100644
|
||||
--- a/sandbox-seccomp-filter.c
|
||||
+++ b/sandbox-seccomp-filter.c
|
||||
@@ -242,6 +242,9 @@ static const struct sock_filter preauth_insns[] = {
|
||||
#ifdef __NR_nanosleep
|
||||
SC_ALLOW(__NR_nanosleep),
|
||||
#endif
|
||||
+#ifdef __NR_clock_nanosleep
|
||||
+ SC_ALLOW(__NR_clock_nanosleep),
|
||||
+#endif
|
||||
#ifdef __NR__newselect
|
||||
SC_ALLOW(__NR__newselect),
|
||||
#endif
|
||||
|
@ -210,6 +210,8 @@ Patch962: openssh-8.0p1-crypto-policies.patch
|
||||
Patch963: openssh-8.0p1-openssl-evp.patch
|
||||
# Use OpenSSL KDF (#1631761)
|
||||
Patch964: openssh-8.0p1-openssl-kdf.patch
|
||||
# Unbreak seccomp filter with latest glibc (#1771946)
|
||||
Patch965: openssh-8.1p1-seccomp-nanosleep.patch
|
||||
|
||||
License: BSD
|
||||
Requires: /sbin/nologin
|
||||
@ -410,6 +412,7 @@ popd
|
||||
%patch962 -p1 -b .crypto-policies
|
||||
%patch963 -p1 -b .openssl-evp
|
||||
%patch964 -p1 -b .openssl-kdf
|
||||
%patch965 -p1 -b .seccomp-nanosleep
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
%patch201 -p1 -b .audit-race
|
||||
|
Loading…
Reference in New Issue
Block a user