diff options
Diffstat (limited to 'debian/patches/seccomp-s390-flock-ipc.patch')
-rw-r--r-- | debian/patches/seccomp-s390-flock-ipc.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/debian/patches/seccomp-s390-flock-ipc.patch b/debian/patches/seccomp-s390-flock-ipc.patch new file mode 100644 index 0000000..e864427 --- /dev/null +++ b/debian/patches/seccomp-s390-flock-ipc.patch @@ -0,0 +1,47 @@ +From 690939ba320d93e6f3ab5266bea94d8fb06c8bae Mon Sep 17 00:00:00 2001 +From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> +Date: Tue, 9 May 2017 10:53:04 -0300 +Subject: Allow flock and ipc syscall for s390 architecture + +In order to use the OpenSSL-ibmpkcs11 engine it is needed to allow flock +and ipc calls, because this engine calls OpenCryptoki (a PKCS#11 +implementation) which calls the libraries that will communicate with the +crypto cards. OpenCryptoki makes use of flock and ipc and, as of now, +this is only need on s390 architecture. + +Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> + +Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752 +Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618 +Last-Update: 2018-10-19 + +Patch-Name: seccomp-s390-flock-ipc.patch +--- + sandbox-seccomp-filter.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c +index 5edbc6946..d4bc20828 100644 +--- a/sandbox-seccomp-filter.c ++++ b/sandbox-seccomp-filter.c +@@ -166,6 +166,9 @@ static const struct sock_filter preauth_insns[] = { + #ifdef __NR_exit_group + SC_ALLOW(__NR_exit_group), + #endif ++#if defined(__NR_flock) && defined(__s390__) ++ SC_ALLOW(__NR_flock), ++#endif + #ifdef __NR_futex + SC_ALLOW(__NR_futex), + #endif +@@ -193,6 +196,9 @@ static const struct sock_filter preauth_insns[] = { + #ifdef __NR_getuid32 + SC_ALLOW(__NR_getuid32), + #endif ++#if defined(__NR_ipc) && defined(__s390__) ++ SC_ALLOW(__NR_ipc), ++#endif + #ifdef __NR_madvise + SC_ALLOW(__NR_madvise), + #endif |