Bug 3093 - Unbreak seccomp filter with latest glibc
Summary: Unbreak seccomp filter with latest glibc
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 8.1p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords: patch
Depends on:
Blocks: V_8_2
Reported: 2019-11-13 23:01 AEDT by Jakub Jelen
Modified: 2021-04-23 14:57 AEST

Attachments
proposed patch (650 bytes, patch)
2019-11-13 23:01 AEDT, Jakub Jelen

Description Jakub Jelen 2019-11-13 23:01:58 AEDT
Created attachment 3339
proposed patch

OpenSSH on the latest Fedora fails to log in users because seccomp is killing it. This is caused by a recent change in glibc and a change in the implementation of nanosleep, which affects the privsep child. For more information, see the Fedora bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1771946

The attached patch should address this issue (I will give it some more testing).
Comment 1 Darren Tucker 2019-11-13 23:22:29 AEDT
Applied, thanks.
Comment 2 Jakub Jelen 2020-02-03 10:53:58 AEDT
It looks like there is one more syscall needed with the current glibc on ARM, which is clock_gettime64. Please consider adding this one as well. For more information, there is another Red Hat Bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=1796267
Comment 3 Damien Miller 2020-02-03 19:41:36 AEDT
Added - thanks
Comment 4 Damien Miller 2021-04-23 14:57:02 AEST
closing resolved bugs as of 8.6p1 release