summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEduardo Barretto <ebarretto@linux.vnet.ibm.com>2017-05-09 10:53:04 -0300
committerColin Watson <cjwatson@debian.org>2018-10-20 22:54:09 +0100
commit690939ba320d93e6f3ab5266bea94d8fb06c8bae (patch)
tree38ab7f70623e6b60d429ee31ee381b5383eb38ef
parentcebe4b82b280810172877a7f3d489c506c9a0691 (diff)
Allow flock and ipc syscall for s390 architecture
In order to use the OpenSSL-ibmpkcs11 engine it is needed to allow flock and ipc calls, because this engine calls OpenCryptoki (a PKCS#11 implementation) which calls the libraries that will communicate with the crypto cards. OpenCryptoki makes use of flock and ipc and, as of now, this is only need on s390 architecture. Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618 Last-Update: 2018-10-19 Patch-Name: seccomp-s390-flock-ipc.patch
-rw-r--r--sandbox-seccomp-filter.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 5edbc6946..d4bc20828 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -166,6 +166,9 @@ static const struct sock_filter preauth_insns[] = {
166#ifdef __NR_exit_group 166#ifdef __NR_exit_group
167 SC_ALLOW(__NR_exit_group), 167 SC_ALLOW(__NR_exit_group),
168#endif 168#endif
169#if defined(__NR_flock) && defined(__s390__)
170 SC_ALLOW(__NR_flock),
171#endif
169#ifdef __NR_futex 172#ifdef __NR_futex
170 SC_ALLOW(__NR_futex), 173 SC_ALLOW(__NR_futex),
171#endif 174#endif
@@ -193,6 +196,9 @@ static const struct sock_filter preauth_insns[] = {
193#ifdef __NR_getuid32 196#ifdef __NR_getuid32
194 SC_ALLOW(__NR_getuid32), 197 SC_ALLOW(__NR_getuid32),
195#endif 198#endif
199#if defined(__NR_ipc) && defined(__s390__)
200 SC_ALLOW(__NR_ipc),
201#endif
196#ifdef __NR_madvise 202#ifdef __NR_madvise
197 SC_ALLOW(__NR_madvise), 203 SC_ALLOW(__NR_madvise),
198#endif 204#endif