Allow building seccomp filters also for s390(x) architectures (#1195065)

2015-07-02 17:10:58 +02:00 · 2015-07-02 17:10:58 +02:00 · 58ba50440e
commit 58ba50440e
parent 274e22c863
3 changed files with 33 additions and 15 deletions
--- a/openssh-6.7p1-seccomp-aarch64.patch
+++ b/openssh-6.7p1-seccomp-aarch64.patch
@ -1,14 +0,0 @@
-diff -up openssh/configure.ac.seccomp openssh/configure.ac
-diff -up openssh/sandbox-seccomp-filter.c.seccomp openssh/sandbox-seccomp-filter.c
--- openssh/sandbox-seccomp-filter.c.seccomp	2015-06-24 11:45:44.001581471 +0200
-+++ openssh/sandbox-seccomp-filter.c	2015-06-24 11:51:54.032635297 +0200
-@@ -165,6 +165,9 @@ static const struct sock_filter preauth_
- #ifdef __NR__newselect
- 	SC_ALLOW(_newselect),
- #endif
-+#ifdef __NR_pselect6 /* AArch64 */
-+	SC_ALLOW(pselect6),
-+#endif
- #ifdef __NR_poll
- 	SC_ALLOW(poll),
- #endif
--- a/openssh-6.9p1-seccomp-secondary.patch
+++ b/openssh-6.9p1-seccomp-secondary.patch
@ -0,0 +1,32 @@
+diff -up openssh/configure.ac.seccomp openssh/configure.ac
+diff -up openssh/sandbox-seccomp-filter.c.seccomp openssh/sandbox-seccomp-filter.c
+--- openssh/sandbox-seccomp-filter.c.seccomp	2015-06-24 11:45:44.001581471 +0200
+++ openssh/sandbox-seccomp-filter.c	2015-06-24 11:51:54.032635297 +0200
+@@ -165,6 +165,9 @@ static const struct sock_filter preauth_
+ #ifdef __NR__newselect
+ 	SC_ALLOW(_newselect),
+ #endif
+#ifdef __NR_pselect6 /* AArch64 */
+	SC_ALLOW(pselect6),
+#endif
+ #ifdef __NR_poll
+ 	SC_ALLOW(poll),
+ #endif
+diff --git a/configure.ac b/configure.ac
+index 24378a7..0bed910 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -811,6 +811,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ 	aarch64*-*)
+ 		seccomp_audit_arch=AUDIT_ARCH_AARCH64
+ 		;;
+        s390x-*)
+                seccomp_audit_arch=AUDIT_ARCH_S390X
+                ;;
+        s390-*)
+                seccomp_audit_arch=AUDIT_ARCH_S390
+                ;;
+ 	esac
+ 	if test "x$seccomp_audit_arch" != "x" ; then
+ 		AC_MSG_RESULT(["$seccomp_audit_arch"])
+
--- a/openssh.spec
+++ b/openssh.spec
@ -521,7 +521,7 @@ fi
 %endif
 %if %{WITH_SELINUX}
 	--with-selinux --with-audit=linux \
-%ifarch %{ix86} x86_64 %{arm} aarch64
+%ifarch %{ix86} x86_64 %{arm} aarch64 s390x x390
 	--with-sandbox=seccomp_filter \
 %else
 	--with-sandbox=rlimit \