GSSAPI requires futex syscall in privsep child (#1395288)

2016-11-16 08:38:35 +01:00 · 2016-11-16 08:38:35 +01:00 · ef1da17783
commit ef1da17783
parent ccf623128a
1 changed files with 14 additions and 0 deletions
--- a/openssh-7.2p1-gsskex.patch
+++ b/openssh-7.2p1-gsskex.patch
@ -3002,3 +3002,17 @@ index e2ca8a1..6c5ac3f 100644
 +
 #endif /* ! _PORT_LINUX_H */

+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3e6f982..4c2653f 100644
+--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
+@@ -213,6 +213,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_write
+ 	SC_ALLOW(write),
+ #endif
+#ifdef __NR_futex
+	SC_ALLOW(futex), /* for GSSAPI Kex */
+#endif
+ #ifdef __NR_socketcall
+ 	SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
+ #endif