Bugzilla – Attachment 2561 Details for
Bug 2361
seccomp filter (not only) for aarch64
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
aarh64 patch
openssh-6.7p1-seccomp-aarch64.patch (text/plain), 1.78 KB, created by
Jakub Jelen
on 2015-03-06 03:10:19 AEDT
(
hide
)
Description:
aarh64 patch
Filename:
MIME Type:
Creator:
Jakub Jelen
Created:
2015-03-06 03:10:19 AEDT
Size:
1.78 KB
patch
obsolete
>diff --git a/configure.ac b/configure.ac >index 4065d0e..d59ad44 100644 >--- a/configure.ac >+++ b/configure.ac >@@ -764,9 +764,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) > i*86-*) > seccomp_audit_arch=AUDIT_ARCH_I386 > ;; >- arm*-*) >+ aarch64*-*) >+ seccomp_audit_arch=AUDIT_ARCH_AARCH64 >+ ;; >+ arm*-*) > seccomp_audit_arch=AUDIT_ARCH_ARM >- ;; >+ ;; > esac > if test "x$seccomp_audit_arch" != "x" ; then > AC_MSG_RESULT(["$seccomp_audit_arch"]) >diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c >index 095b04a..52f6810 100644 >--- a/sandbox-seccomp-filter.c >+++ b/sandbox-seccomp-filter.c >@@ -90,8 +90,20 @@ static const struct sock_filter preauth_insns[] = { > /* Load the syscall number for checking. */ > BPF_STMT(BPF_LD+BPF_W+BPF_ABS, > offsetof(struct seccomp_data, nr)), >- SC_DENY(open, EACCES), >- SC_DENY(stat, EACCES), >+ SC_DENY(openat, EACCES), >+#ifdef __NR_open >+ SC_DENY(open, EACCES), /* not on AArch64 */ >+#endif >+#ifdef __NR_fstat >+ SC_DENY(fstat, EACCES), /* x86_64, Aarch64 */ >+#endif >+#if defined(__NR_stat64) && defined(__NR_fstat64) >+ SC_DENY(stat64, EACCES), /* ix86, arm */ >+ SC_DENY(fstat64, EACCES), >+#endif >+#ifdef __NR_newfstatat >+ SC_DENY(newfstatat, EACCES), /* Aarch64 */ >+#endif > SC_ALLOW(getpid), > SC_ALLOW(gettimeofday), > SC_ALLOW(clock_gettime), >@@ -111,12 +123,19 @@ static const struct sock_filter preauth_insns[] = { > SC_ALLOW(shutdown), > #endif > SC_ALLOW(brk), >+#ifdef __NR_poll /* not on AArch64 */ > SC_ALLOW(poll), >+#endif > #ifdef __NR__newselect > SC_ALLOW(_newselect), > #else >+#ifdef __NR_select /* not on AArch64 */ > SC_ALLOW(select), > #endif >+#ifdef __NR_pselect6 /* AArch64 */ >+ SC_ALLOW(pselect6), >+#endif >+#endif > SC_ALLOW(madvise), > #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */ > SC_ALLOW(mmap2),
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2561">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2361
:
2561
|
2601
|
2648
|
2649
|
2650
|
2651
|
2652
|
2655