summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2017-03-14 13:15:18 +1100
committerDamien Miller <djm@mindrot.org>2017-03-14 17:53:17 +1100
commit5f1596e11d55539678c41f68aed358628d33d86f (patch)
treef3fb3664371f534c80c4dc75ad3f7206db244d45
parentb1b22dd0df2668b322dda174e501dccba2cf5c44 (diff)
support ioctls for ICA crypto card on Linux/s390
Based on patch from Eduardo Barretto; ok dtucker@
-rw-r--r--sandbox-seccomp-filter.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index af5525abb..6ceee33fe 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -223,6 +223,12 @@ static const struct sock_filter preauth_insns[] = {
223#ifdef __NR_socketcall 223#ifdef __NR_socketcall
224 SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), 224 SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
225#endif 225#endif
226#if defined(__NR_ioctl) && defined(__s390__)
227 /* Allow ioctls for ICA crypto card on s390 */
228 SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK),
229 SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO),
230 SC_ALLOW_ARG(ioctl, 1, ICARSACRT),
231#endif /* defined(__NR_ioctl) && defined(__s390__) */
226 232
227 /* Default deny */ 233 /* Default deny */
228 BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), 234 BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),