diff options
author | Colin Watson <cjwatson@debian.org> | 2019-10-22 11:05:50 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-10-22 11:09:12 +0100 |
commit | e250ef620fa8f8fb9f252d9806de60dfa0760fa5 (patch) | |
tree | a71eae74316faac762516d57ee4900af671ee212 /debian/patches/seccomp-s390-flock-ipc.patch | |
parent | e50a98bda787a3b9f53ed67bdccbbac0bde1f9ae (diff) | |
parent | cfa01c635debb10e05f5ac34d269809c77c582dc (diff) |
Drop seccomp-s390-flock-ipc.patch for now
Drop "Allow flock and ipc syscall for s390 architecture" patch for now;
upstream has security concerns with it and it doesn't currently seem to
be needed.
Diffstat (limited to 'debian/patches/seccomp-s390-flock-ipc.patch')
-rw-r--r-- | debian/patches/seccomp-s390-flock-ipc.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/debian/patches/seccomp-s390-flock-ipc.patch b/debian/patches/seccomp-s390-flock-ipc.patch deleted file mode 100644 index aaefa9ed4..000000000 --- a/debian/patches/seccomp-s390-flock-ipc.patch +++ /dev/null | |||
@@ -1,47 +0,0 @@ | |||
1 | From cfc30ca51eba79f9f725c22528e3bfec036aa927 Mon Sep 17 00:00:00 2001 | ||
2 | From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | ||
3 | Date: Tue, 9 May 2017 10:53:04 -0300 | ||
4 | Subject: Allow flock and ipc syscall for s390 architecture | ||
5 | |||
6 | In order to use the OpenSSL-ibmpkcs11 engine it is needed to allow flock | ||
7 | and ipc calls, because this engine calls OpenCryptoki (a PKCS#11 | ||
8 | implementation) which calls the libraries that will communicate with the | ||
9 | crypto cards. OpenCryptoki makes use of flock and ipc and, as of now, | ||
10 | this is only need on s390 architecture. | ||
11 | |||
12 | Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | ||
13 | |||
14 | Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752 | ||
15 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752 | ||
16 | Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618 | ||
17 | Last-Update: 2018-10-19 | ||
18 | |||
19 | Patch-Name: seccomp-s390-flock-ipc.patch | ||
20 | --- | ||
21 | sandbox-seccomp-filter.c | 6 ++++++ | ||
22 | 1 file changed, 6 insertions(+) | ||
23 | |||
24 | diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c | ||
25 | index b5cda70bb..2f6b0d55b 100644 | ||
26 | --- a/sandbox-seccomp-filter.c | ||
27 | +++ b/sandbox-seccomp-filter.c | ||
28 | @@ -194,6 +194,9 @@ static const struct sock_filter preauth_insns[] = { | ||
29 | #ifdef __NR_exit_group | ||
30 | SC_ALLOW(__NR_exit_group), | ||
31 | #endif | ||
32 | +#if defined(__NR_flock) && defined(__s390__) | ||
33 | + SC_ALLOW(__NR_flock), | ||
34 | +#endif | ||
35 | #ifdef __NR_futex | ||
36 | SC_ALLOW(__NR_futex), | ||
37 | #endif | ||
38 | @@ -221,6 +224,9 @@ static const struct sock_filter preauth_insns[] = { | ||
39 | #ifdef __NR_getuid32 | ||
40 | SC_ALLOW(__NR_getuid32), | ||
41 | #endif | ||
42 | +#if defined(__NR_ipc) && defined(__s390__) | ||
43 | + SC_ALLOW(__NR_ipc), | ||
44 | +#endif | ||
45 | #ifdef __NR_madvise | ||
46 | SC_ALLOW(__NR_madvise), | ||
47 | #endif | ||