seccomp filter for ppc64le in FIPS mode
Jakub Jelen
jjelen at redhat.com
Mon Apr 24 20:04:12 AEST 2017
On 04/24/2017 11:47 AM, Darren Tucker wrote:
> On Mon, Apr 24, 2017 at 5:49 PM, Jakub Jelen <jjelen at redhat.com> wrote:
>
> [...]
> See attached patch with proposed patch (deny is intentionally after
> allowing the SYS_SHUTDOWN). Can we have it fixed in OpenSSH portable?
>
>
> Applied, thanks, also cherry picked onto the 7.5 branch.
>
> The diff did not apply cleanly ("__NR_$syscall" vs "$syscall") so I
> hand-edited it. I don't have access to one of these systems to test so
> could you please confirm that I got it right?
If I see right, you put two s's in socketcall [1].
After fixing that it builds just fine with this line:
+ SC_DENY(__NR_socketcall, EACCES),
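Review bot: this SC_DENY(__NR_socketcall, EACCES) line depends on its position, since the original message says the deny is intentionally placed after the rule allowing SYS_SHUTDOWN, yet nothing on the line records that. A short comment next to it stating that it must stay below the SYS_SHUTDOWN allow would keep a later reorder from denying every socketcall, shutdown included. The misspelling that slipped into the hand-edited commit also suggests the ppc64le branch of the filter is not compiled on the usual build hosts, so a build on that architecture is worth adding to the checks before release.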
[1] https://github.com/openssh/openssh-portable/commit/8b0eee14
Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat