diff options
author | Darren Tucker <dtucker@zip.com.au> | 2017-04-24 19:40:31 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2017-04-24 19:40:31 +1000 |
commit | 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd (patch) | |
tree | 43f03a9987bea9971dbcbf81ad4666ab35e9427f /dispatch.c | |
parent | f8500b2be599053daa05248a86a743232ec6a536 (diff) |
Deny socketcall in seccomp filter on ppc64le.
OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys
in privsep child. The socket() syscall is already denied in the seccomp
filter, but in ppc64le kernel, it is implemented using socketcall()
syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and
therefore fails hard.
Patch from jjelen at redhat.com.
Diffstat (limited to 'dispatch.c')
0 files changed, 0 insertions, 0 deletions