summaryrefslogtreecommitdiff
path: root/debian/patches/seccomp-s390-flock-ipc.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/seccomp-s390-flock-ipc.patch')
-rw-r--r--debian/patches/seccomp-s390-flock-ipc.patch47
1 files changed, 47 insertions, 0 deletions
diff --git a/debian/patches/seccomp-s390-flock-ipc.patch b/debian/patches/seccomp-s390-flock-ipc.patch
new file mode 100644
index 000000000..e864427bd
--- /dev/null
+++ b/debian/patches/seccomp-s390-flock-ipc.patch
@@ -0,0 +1,47 @@
1From 690939ba320d93e6f3ab5266bea94d8fb06c8bae Mon Sep 17 00:00:00 2001
2From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
3Date: Tue, 9 May 2017 10:53:04 -0300
4Subject: Allow flock and ipc syscall for s390 architecture
5
6In order to use the OpenSSL-ibmpkcs11 engine it is needed to allow flock
7and ipc calls, because this engine calls OpenCryptoki (a PKCS#11
8implementation) which calls the libraries that will communicate with the
9crypto cards. OpenCryptoki makes use of flock and ipc and, as of now,
10this is only need on s390 architecture.
11
12Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
13
14Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
15Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
16Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
17Last-Update: 2018-10-19
18
19Patch-Name: seccomp-s390-flock-ipc.patch
20---
21 sandbox-seccomp-filter.c | 6 ++++++
22 1 file changed, 6 insertions(+)
23
24diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
25index 5edbc6946..d4bc20828 100644
26--- a/sandbox-seccomp-filter.c
27+++ b/sandbox-seccomp-filter.c
28@@ -166,6 +166,9 @@ static const struct sock_filter preauth_insns[] = {
29 #ifdef __NR_exit_group
30 SC_ALLOW(__NR_exit_group),
31 #endif
32+#if defined(__NR_flock) && defined(__s390__)
33+ SC_ALLOW(__NR_flock),
34+#endif
35 #ifdef __NR_futex
36 SC_ALLOW(__NR_futex),
37 #endif
38@@ -193,6 +196,9 @@ static const struct sock_filter preauth_insns[] = {
39 #ifdef __NR_getuid32
40 SC_ALLOW(__NR_getuid32),
41 #endif
42+#if defined(__NR_ipc) && defined(__s390__)
43+ SC_ALLOW(__NR_ipc),
44+#endif
45 #ifdef __NR_madvise
46 SC_ALLOW(__NR_madvise),
47 #endif