Bug 2069 - arm support for sandbox_seccomp_filter
Summary: arm support for sandbox_seccomp_filter
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 6.1p1
Hardware: Other Linux
: P5 enhancement
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-02-08 05:10 AEDT by shawnlandden
Modified: 2016-08-02 10:41 AEST (History)
0 users

See Also:

Attachments
support seccomp on arm (1.74 KB, patch)
2013-02-08 05:10 AEDT, shawnlandden 		no flags Details | Diff
Tweaked Linux seccomp-bpf ARM support (5.26 KB, patch)
2013-02-22 11:32 AEDT, Damien Miller 		dtucker: ok+
Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description shawnlandden 2013-02-08 05:10:55 AEDT 
Created attachment 2217 [details]
support seccomp on arm

linux 3.8 have support for seccomp filter (SECCOMP_MODE_FILTER) on arm
Comment 1 Damien Miller 2013-02-08 10:16:56 AEDT 
Comment on attachment 2217 [details]
support seccomp on arm

Excellent - thanks for this.

>diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
>index ef2b13c..2d71886 100644
>--- a/sandbox-seccomp-filter.c
>+++ b/sandbox-seccomp-filter.c
>@@ -44,6 +44,7 @@
> #include <linux/audit.h>
> #include <linux/filter.h>
> #include <linux/seccomp.h>
>+#include <elf.h>

Is this extra header needed? I couldn't see any use of it.
Comment 2 shawnlandden 2013-02-08 10:28:04 AEDT 
>Is this extra header needed? I couldn't see any use of it.

elf.h is needed for EM_ARM, which is part of the definition of AUDIT_ARCH_ARM in linux/audit.h:

#define EM_ARM          40              /* ARM */
Comment 3 Damien Miller 2013-02-22 11:32:45 AEDT 
Created attachment 2223 [details]
Tweaked Linux seccomp-bpf ARM support

Some additional configure-time checks.
Comment 4 Damien Miller 2013-02-22 11:38:18 AEDT 
applied - thanks. This will be in OpenSSH-6.2
Comment 5 Damien Miller 2016-08-02 10:41:00 AEST 
Close all resolved bugs after 7.3p1 release