summaryrefslogtreecommitdiff
path: root/debian/patches/seccomp-s390-flock-ipc.patch
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2019-10-22 11:05:50 +0100
committerColin Watson <cjwatson@debian.org>2019-10-22 11:09:12 +0100
commite250ef620fa8f8fb9f252d9806de60dfa0760fa5 (patch)
treea71eae74316faac762516d57ee4900af671ee212 /debian/patches/seccomp-s390-flock-ipc.patch
parente50a98bda787a3b9f53ed67bdccbbac0bde1f9ae (diff)
parentcfa01c635debb10e05f5ac34d269809c77c582dc (diff)
Drop seccomp-s390-flock-ipc.patch for now
Drop "Allow flock and ipc syscall for s390 architecture" patch for now; upstream has security concerns with it and it doesn't currently seem to be needed.
Diffstat (limited to 'debian/patches/seccomp-s390-flock-ipc.patch')
-rw-r--r--debian/patches/seccomp-s390-flock-ipc.patch47
1 files changed, 0 insertions, 47 deletions
diff --git a/debian/patches/seccomp-s390-flock-ipc.patch b/debian/patches/seccomp-s390-flock-ipc.patch
deleted file mode 100644
index aaefa9ed4..000000000
--- a/debian/patches/seccomp-s390-flock-ipc.patch
+++ /dev/null
@@ -1,47 +0,0 @@
1From cfc30ca51eba79f9f725c22528e3bfec036aa927 Mon Sep 17 00:00:00 2001
2From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
3Date: Tue, 9 May 2017 10:53:04 -0300
4Subject: Allow flock and ipc syscall for s390 architecture
5
6In order to use the OpenSSL-ibmpkcs11 engine it is needed to allow flock
7and ipc calls, because this engine calls OpenCryptoki (a PKCS#11
8implementation) which calls the libraries that will communicate with the
9crypto cards. OpenCryptoki makes use of flock and ipc and, as of now,
10this is only need on s390 architecture.
11
12Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
13
14Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
15Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
16Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
17Last-Update: 2018-10-19
18
19Patch-Name: seccomp-s390-flock-ipc.patch
20---
21 sandbox-seccomp-filter.c | 6 ++++++
22 1 file changed, 6 insertions(+)
23
24diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
25index b5cda70bb..2f6b0d55b 100644
26--- a/sandbox-seccomp-filter.c
27+++ b/sandbox-seccomp-filter.c
28@@ -194,6 +194,9 @@ static const struct sock_filter preauth_insns[] = {
29 #ifdef __NR_exit_group
30 SC_ALLOW(__NR_exit_group),
31 #endif
32+#if defined(__NR_flock) && defined(__s390__)
33+ SC_ALLOW(__NR_flock),
34+#endif
35 #ifdef __NR_futex
36 SC_ALLOW(__NR_futex),
37 #endif
38@@ -221,6 +224,9 @@ static const struct sock_filter preauth_insns[] = {
39 #ifdef __NR_getuid32
40 SC_ALLOW(__NR_getuid32),
41 #endif
42+#if defined(__NR_ipc) && defined(__s390__)
43+ SC_ALLOW(__NR_ipc),
44+#endif
45 #ifdef __NR_madvise
46 SC_ALLOW(__NR_madvise),
47 #endif