seccomp filter for ppc64le in FIPS mode

Jakub Jelen jjelen at
Mon Apr 24 20:04:12 AEST 2017

On 04/24/2017 11:47 AM, Darren Tucker wrote:
> On Mon, Apr 24, 2017 at 5:49 PM, Jakub Jelen <jjelen at 
> <mailto:jjelen at>> wrote:
>     [...]
>     See attached patch with proposed patch (deny is intentionally after
>     allowing the SYS_SHUTDOWN). Can we have it fixed in OpenSSH portable?
> Applied, thanks, also cherry picked onto the 7.5 branch.
> The diff did not apply cleanly ("__NR_$syscall" vs "$syscall" so I 
> hand-edited it.  I don't have access to one of these systems to test so 
> could you please confirm that I got it right?

If I see right, you put there two ss in socketcall [1]

After fixing that it builds just fine with this line:

  +	SC_DENY(__NR_socketcall, EACCES),


Jakub Jelen
Software Engineer
Security Technologies
Red Hat

More information about the openssh-unix-dev mailing list