diff options
| author | Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | 2017-05-09 13:31:05 -0300 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2017-08-28 12:12:51 +0100 |
| commit | b2195f2116754f99fff8ceae026931be3aa3cd3b (patch) | |
| tree | 3ae57b73d2efbc1ec8925d10a47ca53263559b29 | |
| parent | 057d62d148428cf0411cf37d00feb8741e5a424c (diff) | |
Allow getuid and geteuid calls
getuid and geteuid are needed when using an openssl engine that calls a
crypto card, e.g. ICA (libica).
Those syscalls are also needed by the distros for audit code.
Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
Last-Update: 2017-08-28
Patch-Name: seccomp-getuid-geteuid.patch
| -rw-r--r-- | sandbox-seccomp-filter.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 997b66ffa..4cbaaa2e6 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -175,6 +175,18 @@ static const struct sock_filter preauth_insns[] = { | |||
| 175 | #ifdef __NR_getpid | 175 | #ifdef __NR_getpid |
| 176 | SC_ALLOW(__NR_getpid), | 176 | SC_ALLOW(__NR_getpid), |
| 177 | #endif | 177 | #endif |
| 178 | #ifdef __NR_getuid | ||
| 179 | SC_ALLOW(__NR_getuid), | ||
| 180 | #endif | ||
| 181 | #ifdef __NR_getuid32 | ||
| 182 | SC_ALLOW(__NR_getuid32), | ||
| 183 | #endif | ||
| 184 | #ifdef __NR_geteuid | ||
| 185 | SC_ALLOW(__NR_geteuid), | ||
| 186 | #endif | ||
| 187 | #ifdef __NR_geteuid32 | ||
| 188 | SC_ALLOW(__NR_geteuid32), | ||
| 189 | #endif | ||
| 178 | #ifdef __NR_getrandom | 190 | #ifdef __NR_getrandom |
| 179 | SC_ALLOW(__NR_getrandom), | 191 | SC_ALLOW(__NR_getrandom), |
| 180 | #endif | 192 | #endif |