diff options
author | Damien Miller <djm@mindrot.org> | 2017-03-14 13:15:18 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-03-14 17:53:17 +1100 |
commit | 5f1596e11d55539678c41f68aed358628d33d86f (patch) | |
tree | f3fb3664371f534c80c4dc75ad3f7206db244d45 | |
parent | b1b22dd0df2668b322dda174e501dccba2cf5c44 (diff) | |
download | openssh-git-5f1596e11d55539678c41f68aed358628d33d86f.tar.gz |
support ioctls for ICA crypto card on Linux/s390
Based on patch from Eduardo Barretto; ok dtucker@
-rw-r--r-- | sandbox-seccomp-filter.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index af5525ab..6ceee33f 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -223,6 +223,12 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_socketcall SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), #endif +#if defined(__NR_ioctl) && defined(__s390__) + /* Allow ioctls for ICA crypto card on s390 */ + SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK), + SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO), + SC_ALLOW_ARG(ioctl, 1, ICARSACRT), +#endif /* defined(__NR_ioctl) && defined(__s390__) */ /* Default deny */ BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), |