diff options
| author | Damien Miller <djm@mindrot.org> | 2017-03-14 13:15:18 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-03-14 17:53:17 +1100 |
| commit | 5f1596e11d55539678c41f68aed358628d33d86f (patch) | |
| tree | f3fb3664371f534c80c4dc75ad3f7206db244d45 | |
| parent | b1b22dd0df2668b322dda174e501dccba2cf5c44 (diff) | |
support ioctls for ICA crypto card on Linux/s390
Based on patch from Eduardo Barretto; ok dtucker@
| -rw-r--r-- | sandbox-seccomp-filter.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index af5525abb..6ceee33fe 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -223,6 +223,12 @@ static const struct sock_filter preauth_insns[] = { | |||
| 223 | #ifdef __NR_socketcall | 223 | #ifdef __NR_socketcall |
| 224 | SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), | 224 | SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), |
| 225 | #endif | 225 | #endif |
| 226 | #if defined(__NR_ioctl) && defined(__s390__) | ||
| 227 | /* Allow ioctls for ICA crypto card on s390 */ | ||
| 228 | SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK), | ||
| 229 | SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO), | ||
| 230 | SC_ALLOW_ARG(ioctl, 1, ICARSACRT), | ||
| 231 | #endif /* defined(__NR_ioctl) && defined(__s390__) */ | ||
| 226 | 232 | ||
| 227 | /* Default deny */ | 233 | /* Default deny */ |
| 228 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), | 234 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), |