[PATCH] seccomp: allow the getrandom system call.
Cristian Rodríguez
crrodriguez at opensuse.org
Thu Feb 12 04:46:50 AEDT 2015
*SSL libraries or the C library may/will require it.
---
sandbox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index b6f6258..846bc08 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -129,6 +129,9 @@ static const struct sock_filter preauth_insns[] = {
#else
SC_ALLOW(sigprocmask),
#endif
+#ifdef __NR_getrandom
+ SC_ALLOW(getrandom),
+#endif
BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
};
--
2.2.2
More information about the openssh-unix-dev
mailing list