diff options
| author | Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | 2017-05-09 13:31:05 -0300 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2018-04-03 08:30:15 +0100 |
| commit | 979c7c92111e0682d02888be50a3322c7de6520a (patch) | |
| tree | 11430149782b02003046aa2520ce1ecb26282dae | |
| parent | a8dba2230bc3de444c48e48d1bfd57aca1db82b1 (diff) | |
Allow getuid and geteuid calls
getuid and geteuid are needed when using an openssl engine that calls a
crypto card, e.g. ICA (libica).
Those syscalls are also needed by the distros for audit code.
Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
Last-Update: 2017-08-28
Patch-Name: seccomp-getuid-geteuid.patch
| -rw-r--r-- | sandbox-seccomp-filter.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 6e7de3114..e86aa2c91 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -175,6 +175,18 @@ static const struct sock_filter preauth_insns[] = { | |||
| 175 | #ifdef __NR_getpid | 175 | #ifdef __NR_getpid |
| 176 | SC_ALLOW(__NR_getpid), | 176 | SC_ALLOW(__NR_getpid), |
| 177 | #endif | 177 | #endif |
| 178 | #ifdef __NR_getuid | ||
| 179 | SC_ALLOW(__NR_getuid), | ||
| 180 | #endif | ||
| 181 | #ifdef __NR_getuid32 | ||
| 182 | SC_ALLOW(__NR_getuid32), | ||
| 183 | #endif | ||
| 184 | #ifdef __NR_geteuid | ||
| 185 | SC_ALLOW(__NR_geteuid), | ||
| 186 | #endif | ||
| 187 | #ifdef __NR_geteuid32 | ||
| 188 | SC_ALLOW(__NR_geteuid32), | ||
| 189 | #endif | ||
| 178 | #ifdef __NR_getrandom | 190 | #ifdef __NR_getrandom |
| 179 | SC_ALLOW(__NR_getrandom), | 191 | SC_ALLOW(__NR_getrandom), |
| 180 | #endif | 192 | #endif |