From 7fa5057af560e5be550a78cc3674dbd083e3b0fc Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 8 Jun 2015 09:03:59 +0200
Subject: [PATCH] Return stat syscall to seccomp filter, since it is not yet
 completely legacy (#1228323)

 * problems occured with gssapi, which is trying to touch some libraries
---
 openssh-6.7p1-seccomp-aarch64.patch | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/openssh-6.7p1-seccomp-aarch64.patch b/openssh-6.7p1-seccomp-aarch64.patch
index 4285bd9..9f0cf30 100644
--- a/openssh-6.7p1-seccomp-aarch64.patch
+++ b/openssh-6.7p1-seccomp-aarch64.patch
@@ -21,12 +21,14 @@ diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
 index 095b04a..52f6810 100644
 --- a/sandbox-seccomp-filter.c
 +++ b/sandbox-seccomp-filter.c
-@@ -90,8 +90,20 @@ static const struct sock_filter preauth_insns[] = {
+@@ -90,8 +90,23 @@ static const struct sock_filter preauth_insns[] = {
  	/* Load the syscall number for checking. */
  	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
  		offsetof(struct seccomp_data, nr)),
 -	SC_DENY(open, EACCES),
--	SC_DENY(stat, EACCES),
++#ifdef __NR_stat
+ 	SC_DENY(stat, EACCES),
++#endif
 +	SC_DENY(openat, EACCES),
 +#ifdef __NR_open
 +	SC_DENY(open, EACCES), /* not on AArch64 */