Unbreak seccomp filter with latest glibc (#1771946)

This commit is contained in:
Jakub Jelen 2019-11-14 09:18:41 +01:00
parent 36fef5669a
commit 6a2fce44b5
2 changed files with 24 additions and 0 deletions

View File

@ -0,0 +1,21 @@
commit 7e929163ed40f9ce90060a3ca6df558c3d901379
Author: Jakub Jelen <jjelen@redhat.com>
Date: Wed Nov 13 12:57:05 2019 +0100
seccomp: Allow clock_nanosleep() to make OpenSSH working with latest glibc
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index b5cda70b..be239767 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -242,6 +242,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_nanosleep
SC_ALLOW(__NR_nanosleep),
#endif
+#ifdef __NR_clock_nanosleep
+ SC_ALLOW(__NR_clock_nanosleep),
+#endif
#ifdef __NR__newselect
SC_ALLOW(__NR__newselect),
#endif

View File

@ -210,6 +210,8 @@ Patch962: openssh-8.0p1-crypto-policies.patch
Patch963: openssh-8.0p1-openssl-evp.patch Patch963: openssh-8.0p1-openssl-evp.patch
# Use OpenSSL KDF (#1631761) # Use OpenSSL KDF (#1631761)
Patch964: openssh-8.0p1-openssl-kdf.patch Patch964: openssh-8.0p1-openssl-kdf.patch
# Unbreak seccomp filter with latest glibc (#1771946)
Patch965: openssh-8.1p1-seccomp-nanosleep.patch
License: BSD License: BSD
Requires: /sbin/nologin Requires: /sbin/nologin
@ -410,6 +412,7 @@ popd
%patch962 -p1 -b .crypto-policies %patch962 -p1 -b .crypto-policies
%patch963 -p1 -b .openssl-evp %patch963 -p1 -b .openssl-evp
%patch964 -p1 -b .openssl-kdf %patch964 -p1 -b .openssl-kdf
%patch965 -p1 -b .seccomp-nanosleep
%patch200 -p1 -b .audit %patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race %patch201 -p1 -b .audit-race