diff options
| author | Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | 2017-05-09 13:31:05 -0300 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2017-10-04 13:54:48 +0100 |
| commit | 8165600205696cca8a080a5cb6746070512174e9 (patch) | |
| tree | d5b72f170085a83c74b88d96c799a568de9e5683 | |
| parent | a5a99443e190a90eb511215aa7c1fa940f79b901 (diff) | |
Allow getuid and geteuid calls
getuid and geteuid are needed when using an openssl engine that calls a
crypto card, e.g. ICA (libica).
Those syscalls are also needed by the distros for audit code.
Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
Last-Update: 2017-08-28
Patch-Name: seccomp-getuid-geteuid.patch
| -rw-r--r-- | sandbox-seccomp-filter.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 6e7de3114..e86aa2c91 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -175,6 +175,18 @@ static const struct sock_filter preauth_insns[] = { | |||
| 175 | #ifdef __NR_getpid | 175 | #ifdef __NR_getpid |
| 176 | SC_ALLOW(__NR_getpid), | 176 | SC_ALLOW(__NR_getpid), |
| 177 | #endif | 177 | #endif |
| 178 | #ifdef __NR_getuid | ||
| 179 | SC_ALLOW(__NR_getuid), | ||
| 180 | #endif | ||
| 181 | #ifdef __NR_getuid32 | ||
| 182 | SC_ALLOW(__NR_getuid32), | ||
| 183 | #endif | ||
| 184 | #ifdef __NR_geteuid | ||
| 185 | SC_ALLOW(__NR_geteuid), | ||
| 186 | #endif | ||
| 187 | #ifdef __NR_geteuid32 | ||
| 188 | SC_ALLOW(__NR_geteuid32), | ||
| 189 | #endif | ||
| 178 | #ifdef __NR_getrandom | 190 | #ifdef __NR_getrandom |
| 179 | SC_ALLOW(__NR_getrandom), | 191 | SC_ALLOW(__NR_getrandom), |
| 180 | #endif | 192 | #endif |