diff options
Diffstat (limited to 'sandbox-seccomp-filter.c')
| -rw-r--r-- | sandbox-seccomp-filter.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index af5525abb..6ceee33fe 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -223,6 +223,12 @@ static const struct sock_filter preauth_insns[] = { | |||
| 223 | #ifdef __NR_socketcall | 223 | #ifdef __NR_socketcall |
| 224 | SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), | 224 | SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), |
| 225 | #endif | 225 | #endif |
| 226 | #if defined(__NR_ioctl) && defined(__s390__) | ||
| 227 | /* Allow ioctls for ICA crypto card on s390 */ | ||
| 228 | SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK), | ||
| 229 | SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO), | ||
| 230 | SC_ALLOW_ARG(ioctl, 1, ICARSACRT), | ||
| 231 | #endif /* defined(__NR_ioctl) && defined(__s390__) */ | ||
| 226 | 232 | ||
| 227 | /* Default deny */ | 233 | /* Default deny */ |
| 228 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), | 234 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), |