[openssh] Fix seccomp filter for ix68 (#1194401), fix previous commit
Jakub Jelen
jjelen at fedoraproject.org
Mon Feb 23 11:19:56 UTC 2015
commit d5a8001387751ef6a1383f5520e9b18325199d09
Author: Jakub Jelen <jjelen at redhat.com>
Date: Mon Feb 23 11:51:23 2015 +0100
Fix seccomp filter for ix68 (#1194401), fix previous commit
openssh-6.7p1-audit.patch | 3 ++-
openssh.spec | 4 +---
2 files changed, 3 insertions(+), 4 deletions(-)
---
diff --git a/openssh-6.7p1-audit.patch b/openssh-6.7p1-audit.patch
index 292509d..ed237e2 100644
--- a/openssh-6.7p1-audit.patch
+++ b/openssh-6.7p1-audit.patch
@@ -2377,12 +2377,13 @@ index 4554b09..226a494 100644
diff -U3 openssh-6.6p1/sandbox-seccomp-filter.c openssh-6.6p1.seccomp/sandbox-seccomp-filter.c
--- openssh-6.6p1/sandbox-seccomp-filter.c 2014-02-06 01:17:50.000000000 +0100
+++ openssh-6.6p1.seccomp/sandbox-seccomp-filter.c 2015-02-11 09:07:10.885000000 +0100
-@@ -95,6 +95,9 @@
+@@ -95,6 +95,10 @@
#ifdef __NR_time /* not defined on EABI ARM */
SC_ALLOW(time),
#endif
+#ifdef SSH_AUDIT_EVENTS
+ SC_ALLOW(getuid),
++ SC_ALLOW(getuid32),
+#endif
SC_ALLOW(read),
SC_ALLOW(write),
diff --git a/openssh.spec b/openssh.spec
index 4d6d33c..050f53a 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -510,11 +510,9 @@ fi
%if %{WITH_SELINUX}
--with-selinux --with-audit=linux \
%ifarch %{ix86} x86_64 %{arm}
-# seccomp_filter cannot be build right now on aarch64/ppc64*/s390*
-# being tracked in RHBZ 1195065
--with-sandbox=seccomp_filter \
%else
- --with-sandbox=rlimit \
+ --with-sandbox=rlimit \
%endif
%endif
%if %{kerberos5}
More information about the scm-commits
mailing list