Bug 2069 - arm support for sandbox_seccomp_filter
Summary: arm support for sandbox_seccomp_filter
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 6.1p1
Hardware: Other Linux
: P5 enhancement
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-02-08 05:10 AEDT by shawnlandden
Modified: 2016-08-02 10:41 AEST (History)
0 users

See Also:


Attachments
support seccomp on arm (1.74 KB, patch)
2013-02-08 05:10 AEDT, shawnlandden
no flags Details | Diff
Tweaked Linux seccomp-bpf ARM support (5.26 KB, patch)
2013-02-22 11:32 AEDT, Damien Miller
dtucker: ok+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description shawnlandden 2013-02-08 05:10:55 AEDT
Created attachment 2217 [details]
support seccomp on arm

linux 3.8 have support for seccomp filter (SECCOMP_MODE_FILTER) on arm
Comment 1 Damien Miller 2013-02-08 10:16:56 AEDT
Comment on attachment 2217 [details]
support seccomp on arm

Excellent - thanks for this.

>diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
>index ef2b13c..2d71886 100644
>--- a/sandbox-seccomp-filter.c
>+++ b/sandbox-seccomp-filter.c
>@@ -44,6 +44,7 @@
> #include <linux/audit.h>
> #include <linux/filter.h>
> #include <linux/seccomp.h>
>+#include <elf.h>

Is this extra header needed? I couldn't see any use of it.
Comment 2 shawnlandden 2013-02-08 10:28:04 AEDT
>Is this extra header needed? I couldn't see any use of it.

elf.h is needed for EM_ARM, which is part of the definition of AUDIT_ARCH_ARM in linux/audit.h:

#define EM_ARM          40              /* ARM */
Comment 3 Damien Miller 2013-02-22 11:32:45 AEDT
Created attachment 2223 [details]
Tweaked Linux seccomp-bpf ARM support

Some additional configure-time checks.
Comment 4 Damien Miller 2013-02-22 11:38:18 AEDT
applied - thanks. This will be in OpenSSH-6.2
Comment 5 Damien Miller 2016-08-02 10:41:00 AEST
Close all resolved bugs after 7.3p1 release