summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEduardo Barretto <ebarretto@linux.vnet.ibm.com>2017-05-09 13:31:05 -0300
committerColin Watson <cjwatson@debian.org>2018-04-03 08:30:15 +0100
commit979c7c92111e0682d02888be50a3322c7de6520a (patch)
tree11430149782b02003046aa2520ce1ecb26282dae
parenta8dba2230bc3de444c48e48d1bfd57aca1db82b1 (diff)
Allow getuid and geteuid calls
getuid and geteuid are needed when using an openssl engine that calls a crypto card, e.g. ICA (libica). Those syscalls are also needed by the distros for audit code. Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618 Last-Update: 2017-08-28 Patch-Name: seccomp-getuid-geteuid.patch
-rw-r--r--sandbox-seccomp-filter.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 6e7de3114..e86aa2c91 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -175,6 +175,18 @@ static const struct sock_filter preauth_insns[] = {
175#ifdef __NR_getpid 175#ifdef __NR_getpid
176 SC_ALLOW(__NR_getpid), 176 SC_ALLOW(__NR_getpid),
177#endif 177#endif
178#ifdef __NR_getuid
179 SC_ALLOW(__NR_getuid),
180#endif
181#ifdef __NR_getuid32
182 SC_ALLOW(__NR_getuid32),
183#endif
184#ifdef __NR_geteuid
185 SC_ALLOW(__NR_geteuid),
186#endif
187#ifdef __NR_geteuid32
188 SC_ALLOW(__NR_geteuid32),
189#endif
178#ifdef __NR_getrandom 190#ifdef __NR_getrandom
179 SC_ALLOW(__NR_getrandom), 191 SC_ALLOW(__NR_getrandom),
180#endif 192#endif