jonathan/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

Return stat syscall to seccomp filter, since it is not yet completely legacy (#1228323)

Browse Source 
* problems occured with gssapi, which is trying to touch some libraries
This commit is contained in:
Jakub Jelen 2015-06-08 09:03:59 +02:00
parent f049b3b1ad
commit 7fa5057af5
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openssh-6.7p1-seccomp-aarch64.patch
View File

@ -21,12 +21,14 @@ diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 095b04a..52f6810 100644 index 095b04a..52f6810 100644
--- a/sandbox-seccomp-filter.c --- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c
@@ -90,8 +90,20 @@ static const struct sock_filter preauth_insns[] = { @@ -90,8 +90,23 @@ static const struct sock_filter preauth_insns[] = {
/* Load the syscall number for checking. */ /* Load the syscall number for checking. */
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
offsetof(struct seccomp_data, nr)), offsetof(struct seccomp_data, nr)),
- SC_DENY(open, EACCES), - SC_DENY(open, EACCES),
- SC_DENY(stat, EACCES), +#ifdef __NR_stat
SC_DENY(stat, EACCES),
+#endif
+ SC_DENY(openat, EACCES), + SC_DENY(openat, EACCES),
+#ifdef __NR_open +#ifdef __NR_open
+ SC_DENY(open, EACCES), /* not on AArch64 */ + SC_DENY(open, EACCES), /* not on AArch64 */