diff options
author | Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | 2017-05-09 10:53:04 -0300 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-10-09 23:07:49 +0100 |
commit | cfc30ca51eba79f9f725c22528e3bfec036aa927 (patch) | |
tree | 1dd852f4861170650aa39c08397447bcbfc32d89 | |
parent | f0c916d8008c30809fef44469bee1b74426a3071 (diff) |
Allow flock and ipc syscall for s390 architecture
In order to use the OpenSSL-ibmpkcs11 engine it is needed to allow flock
and ipc calls, because this engine calls OpenCryptoki (a PKCS#11
implementation) which calls the libraries that will communicate with the
crypto cards. OpenCryptoki makes use of flock and ipc and, as of now,
this is only need on s390 architecture.
Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
Last-Update: 2018-10-19
Patch-Name: seccomp-s390-flock-ipc.patch
-rw-r--r-- | sandbox-seccomp-filter.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index b5cda70bb..2f6b0d55b 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
@@ -194,6 +194,9 @@ static const struct sock_filter preauth_insns[] = { | |||
194 | #ifdef __NR_exit_group | 194 | #ifdef __NR_exit_group |
195 | SC_ALLOW(__NR_exit_group), | 195 | SC_ALLOW(__NR_exit_group), |
196 | #endif | 196 | #endif |
197 | #if defined(__NR_flock) && defined(__s390__) | ||
198 | SC_ALLOW(__NR_flock), | ||
199 | #endif | ||
197 | #ifdef __NR_futex | 200 | #ifdef __NR_futex |
198 | SC_ALLOW(__NR_futex), | 201 | SC_ALLOW(__NR_futex), |
199 | #endif | 202 | #endif |
@@ -221,6 +224,9 @@ static const struct sock_filter preauth_insns[] = { | |||
221 | #ifdef __NR_getuid32 | 224 | #ifdef __NR_getuid32 |
222 | SC_ALLOW(__NR_getuid32), | 225 | SC_ALLOW(__NR_getuid32), |
223 | #endif | 226 | #endif |
227 | #if defined(__NR_ipc) && defined(__s390__) | ||
228 | SC_ALLOW(__NR_ipc), | ||
229 | #endif | ||
224 | #ifdef __NR_madvise | 230 | #ifdef __NR_madvise |
225 | SC_ALLOW(__NR_madvise), | 231 | SC_ALLOW(__NR_madvise), |
226 | #endif | 232 | #endif |