1 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches/seccomp-getuid-geteuid.patch b/debian/patches/seccomp-getuid-geteuid.patch
new file mode 100644
index 000000000..c829abaa9
--- /dev/null
+++ b/debian/patches/seccomp-getuid-geteuid.patch
@@ -0,0 +1,44 @@
+From b2195f2116754f99fff8ceae026931be3aa3cd3b Mon Sep 17 00:00:00 2001
+From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
+Date: Tue, 9 May 2017 13:31:05 -0300
+Subject: Allow getuid and geteuid calls
+getuid and geteuid are needed when using an openssl engine that calls a
+crypto card, e.g. ICA (libica).
+Those syscalls are also needed by the distros for audit code.
+Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
+Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
+Last-Update: 2017-08-28
+Patch-Name: seccomp-getuid-geteuid.patch
+---
+ sandbox-seccomp-filter.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 997b66ff..4cbaaa2e 100644
+--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
+@@ -175,6 +175,18 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_getpid
+        SC_ALLOW(__NR_getpid),
+ #endif
+#ifdef __NR_getuid
+       SC_ALLOW(__NR_getuid),
+#endif
+#ifdef __NR_getuid32
+       SC_ALLOW(__NR_getuid32),
+#endif
+#ifdef __NR_geteuid
+       SC_ALLOW(__NR_geteuid),
+#endif
+#ifdef __NR_geteuid32
+       SC_ALLOW(__NR_geteuid32),
+#endif
+ #ifdef __NR_getrandom
+        SC_ALLOW(__NR_getrandom),
+ #endif

diff --git a/debian/patches/seccomp-getuid-geteuid.patch b/debian/patches/seccomp-getuid-geteuid.patch new file mode 100644 index 000000000..c829abaa9 --- /dev/null +++ b/debian/patches/seccomp-getuid-geteuid.patch
@@ -0,0 +1,44 @@
	1	From b2195f2116754f99fff8ceae026931be3aa3cd3b Mon Sep 17 00:00:00 2001
	2	From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
	3	Date: Tue, 9 May 2017 13:31:05 -0300
	4	Subject: Allow getuid and geteuid calls
	5
	6	getuid and geteuid are needed when using an openssl engine that calls a
	7	crypto card, e.g. ICA (libica).
	8	Those syscalls are also needed by the distros for audit code.
	9
	10	Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
	11
	12	Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
	13	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
	14	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
	15	Last-Update: 2017-08-28
	16
	17	Patch-Name: seccomp-getuid-geteuid.patch
	18	---
	19	sandbox-seccomp-filter.c \| 12 ++++++++++++
	20	1 file changed, 12 insertions(+)
	21
	22	diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
	23	index 997b66ff..4cbaaa2e 100644
	24	--- a/sandbox-seccomp-filter.c
	25	+++ b/sandbox-seccomp-filter.c
	26	@@ -175,6 +175,18 @@ static const struct sock_filter preauth_insns[] = {
	27	#ifdef __NR_getpid
	28	SC_ALLOW(__NR_getpid),
	29	#endif
	30	+#ifdef __NR_getuid
	31	+ SC_ALLOW(__NR_getuid),
	32	+#endif
	33	+#ifdef __NR_getuid32
	34	+ SC_ALLOW(__NR_getuid32),
	35	+#endif
	36	+#ifdef __NR_geteuid
	37	+ SC_ALLOW(__NR_geteuid),
	38	+#endif
	39	+#ifdef __NR_geteuid32
	40	+ SC_ALLOW(__NR_geteuid32),
	41	+#endif
	42	#ifdef __NR_getrandom
	43	SC_ALLOW(__NR_getrandom),
	44	#endif