Allow building seccomp filters also for s390(x) architectures (#1195065)
This commit is contained in:
parent
274e22c863
commit
58ba50440e
@ -1,14 +0,0 @@
|
||||
diff -up openssh/configure.ac.seccomp openssh/configure.ac
|
||||
diff -up openssh/sandbox-seccomp-filter.c.seccomp openssh/sandbox-seccomp-filter.c
|
||||
--- openssh/sandbox-seccomp-filter.c.seccomp 2015-06-24 11:45:44.001581471 +0200
|
||||
+++ openssh/sandbox-seccomp-filter.c 2015-06-24 11:51:54.032635297 +0200
|
||||
@@ -165,6 +165,9 @@ static const struct sock_filter preauth_
|
||||
#ifdef __NR__newselect
|
||||
SC_ALLOW(_newselect),
|
||||
#endif
|
||||
+#ifdef __NR_pselect6 /* AArch64 */
|
||||
+ SC_ALLOW(pselect6),
|
||||
+#endif
|
||||
#ifdef __NR_poll
|
||||
SC_ALLOW(poll),
|
||||
#endif
|
32
openssh-6.9p1-seccomp-secondary.patch
Normal file
32
openssh-6.9p1-seccomp-secondary.patch
Normal file
@ -0,0 +1,32 @@
|
||||
diff -up openssh/configure.ac.seccomp openssh/configure.ac
|
||||
diff -up openssh/sandbox-seccomp-filter.c.seccomp openssh/sandbox-seccomp-filter.c
|
||||
--- openssh/sandbox-seccomp-filter.c.seccomp 2015-06-24 11:45:44.001581471 +0200
|
||||
+++ openssh/sandbox-seccomp-filter.c 2015-06-24 11:51:54.032635297 +0200
|
||||
@@ -165,6 +165,9 @@ static const struct sock_filter preauth_
|
||||
#ifdef __NR__newselect
|
||||
SC_ALLOW(_newselect),
|
||||
#endif
|
||||
+#ifdef __NR_pselect6 /* AArch64 */
|
||||
+ SC_ALLOW(pselect6),
|
||||
+#endif
|
||||
#ifdef __NR_poll
|
||||
SC_ALLOW(poll),
|
||||
#endif
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 24378a7..0bed910 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -811,6 +811,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
aarch64*-*)
|
||||
seccomp_audit_arch=AUDIT_ARCH_AARCH64
|
||||
;;
|
||||
+ s390x-*)
|
||||
+ seccomp_audit_arch=AUDIT_ARCH_S390X
|
||||
+ ;;
|
||||
+ s390-*)
|
||||
+ seccomp_audit_arch=AUDIT_ARCH_S390
|
||||
+ ;;
|
||||
esac
|
||||
if test "x$seccomp_audit_arch" != "x" ; then
|
||||
AC_MSG_RESULT(["$seccomp_audit_arch"])
|
||||
|
@ -521,7 +521,7 @@ fi
|
||||
%endif
|
||||
%if %{WITH_SELINUX}
|
||||
--with-selinux --with-audit=linux \
|
||||
%ifarch %{ix86} x86_64 %{arm} aarch64
|
||||
%ifarch %{ix86} x86_64 %{arm} aarch64 s390x x390
|
||||
--with-sandbox=seccomp_filter \
|
||||
%else
|
||||
--with-sandbox=rlimit \
|
||||
|
Loading…
Reference in New Issue
Block a user