Seccomp filter on ppc
Dries Deschout
dries.deschout at dodeco.eu
Thu Jul 14 04:49:52 AEST 2022
Hi!
Wen building OpenSSH 8.9p1 for 32-bit PowerPC big endian on Linux 5.4,
with CONFIG_SECCOMP=y in the kernel config, I noticed seccomp is not
supported for ppc in configure.ac:
> configure:9283: checking for seccomp architecture
> configure:9348: result: architecture not supported
With the attached patch adding support for it, building for the device
results in:
> configure:9283: checking for seccomp architecture
> configure:9345: result: "AUDIT_ARCH_PPC"
The resulting sshd output shows it now working with the seccomp sandboxing:
> debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
> debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
Could this ppc support be added to OpenSSH portable?
Thanks!
Dries
-------------- next part --------------
A non-text attachment was scrubbed...
Name: seccomp-on-powerpc.patch
Type: text/x-patch
Size: 396 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20220713/f287b136/attachment.bin>
More information about the openssh-unix-dev
mailing list