Bug 2069

Summary: arm support for sandbox_seccomp_filter
Product: Portable OpenSSH Reporter: shawnlandden
Component: sshdAssignee: Damien Miller <djm>
Status: CLOSED FIXED    
Severity: enhancement    
Priority: P5    
Version: 6.1p1   
Hardware: Other   
OS: Linux   
Attachments:
Description Flags
support seccomp on arm
none
Tweaked Linux seccomp-bpf ARM support dtucker: ok+

Description shawnlandden 2013-02-08 05:10:55 AEDT 
Created attachment 2217 [details]
support seccomp on arm

linux 3.8 have support for seccomp filter (SECCOMP_MODE_FILTER) on arm
Comment 1 Damien Miller 2013-02-08 10:16:56 AEDT 
Comment on attachment 2217 [details]
support seccomp on arm

Excellent - thanks for this.

>diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
>index ef2b13c..2d71886 100644
>--- a/sandbox-seccomp-filter.c
>+++ b/sandbox-seccomp-filter.c
>@@ -44,6 +44,7 @@
> #include <linux/audit.h>
> #include <linux/filter.h>
> #include <linux/seccomp.h>
>+#include <elf.h>

Is this extra header needed? I couldn't see any use of it.
Comment 2 shawnlandden 2013-02-08 10:28:04 AEDT 
>Is this extra header needed? I couldn't see any use of it.

elf.h is needed for EM_ARM, which is part of the definition of AUDIT_ARCH_ARM in linux/audit.h:

#define EM_ARM          40              /* ARM */
Comment 3 Damien Miller 2013-02-22 11:32:45 AEDT 
Created attachment 2223 [details]
Tweaked Linux seccomp-bpf ARM support

Some additional configure-time checks.
Comment 4 Damien Miller 2013-02-22 11:38:18 AEDT 
applied - thanks. This will be in OpenSSH-6.2
Comment 5 Damien Miller 2016-08-02 10:41:00 AEST 
Close all resolved bugs after 7.3p1 release