Allow building seccomp filters also for s390(x) architectures (#1195065)

This commit is contained in:
Jakub Jelen 2015-07-02 17:10:58 +02:00
parent 274e22c863
commit 58ba50440e
3 changed files with 33 additions and 15 deletions

View File

@ -1,14 +0,0 @@
diff -up openssh/configure.ac.seccomp openssh/configure.ac
diff -up openssh/sandbox-seccomp-filter.c.seccomp openssh/sandbox-seccomp-filter.c
--- openssh/sandbox-seccomp-filter.c.seccomp 2015-06-24 11:45:44.001581471 +0200
+++ openssh/sandbox-seccomp-filter.c 2015-06-24 11:51:54.032635297 +0200
@@ -165,6 +165,9 @@ static const struct sock_filter preauth_
#ifdef __NR__newselect
SC_ALLOW(_newselect),
#endif
+#ifdef __NR_pselect6 /* AArch64 */
+ SC_ALLOW(pselect6),
+#endif
#ifdef __NR_poll
SC_ALLOW(poll),
#endif

View File

@ -0,0 +1,32 @@
diff -up openssh/configure.ac.seccomp openssh/configure.ac
diff -up openssh/sandbox-seccomp-filter.c.seccomp openssh/sandbox-seccomp-filter.c
--- openssh/sandbox-seccomp-filter.c.seccomp 2015-06-24 11:45:44.001581471 +0200
+++ openssh/sandbox-seccomp-filter.c 2015-06-24 11:51:54.032635297 +0200
@@ -165,6 +165,9 @@ static const struct sock_filter preauth_
#ifdef __NR__newselect
SC_ALLOW(_newselect),
#endif
+#ifdef __NR_pselect6 /* AArch64 */
+ SC_ALLOW(pselect6),
+#endif
#ifdef __NR_poll
SC_ALLOW(poll),
#endif
diff --git a/configure.ac b/configure.ac
index 24378a7..0bed910 100644
--- a/configure.ac
+++ b/configure.ac
@@ -811,6 +811,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
aarch64*-*)
seccomp_audit_arch=AUDIT_ARCH_AARCH64
;;
+ s390x-*)
+ seccomp_audit_arch=AUDIT_ARCH_S390X
+ ;;
+ s390-*)
+ seccomp_audit_arch=AUDIT_ARCH_S390
+ ;;
esac
if test "x$seccomp_audit_arch" != "x" ; then
AC_MSG_RESULT(["$seccomp_audit_arch"])

View File

@ -521,7 +521,7 @@ fi
%endif %endif
%if %{WITH_SELINUX} %if %{WITH_SELINUX}
--with-selinux --with-audit=linux \ --with-selinux --with-audit=linux \
%ifarch %{ix86} x86_64 %{arm} aarch64 %ifarch %{ix86} x86_64 %{arm} aarch64 s390x x390
--with-sandbox=seccomp_filter \ --with-sandbox=seccomp_filter \
%else %else
--with-sandbox=rlimit \ --with-sandbox=rlimit \