summaryrefslogtreecommitdiff
path: root/debian/patches/seccomp-getuid-geteuid.patch
blob: 41455aa839b0c9ed54aba5315b99863ab292d094 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
From 8165600205696cca8a080a5cb6746070512174e9 Mon Sep 17 00:00:00 2001
From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
Date: Tue, 9 May 2017 13:31:05 -0300
Subject: Allow getuid and geteuid calls

getuid and geteuid are needed when using an openssl engine that calls a
crypto card, e.g. ICA (libica).
Those syscalls are also needed by the distros for audit code.

Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>

Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
Last-Update: 2017-08-28

Patch-Name: seccomp-getuid-geteuid.patch
---
 sandbox-seccomp-filter.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 6e7de311..e86aa2c9 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -175,6 +175,18 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_getpid
 	SC_ALLOW(__NR_getpid),
 #endif
+#ifdef __NR_getuid
+	SC_ALLOW(__NR_getuid),
+#endif
+#ifdef __NR_getuid32
+	SC_ALLOW(__NR_getuid32),
+#endif
+#ifdef __NR_geteuid
+	SC_ALLOW(__NR_geteuid),
+#endif
+#ifdef __NR_geteuid32
+	SC_ALLOW(__NR_geteuid32),
+#endif
 #ifdef __NR_getrandom
 	SC_ALLOW(__NR_getrandom),
 #endif