diff options
| author | Harald Freudenberger <freude@linux.ibm.com> | 2019-05-24 10:11:15 +0200 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2019-06-05 15:08:46 +1000 |
| commit | b3a77b25e5f7880222b179431a74fad76d2cf60c (patch) | |
| tree | 876fdd558e64abc601190e61c2e4235b776ccbf4 /sandbox-seccomp-filter.c | |
| parent | 2459df9aa11820f8092a8651aeb381af7ebbccb1 (diff) | |
| download | openssh-git-b3a77b25e5f7880222b179431a74fad76d2cf60c.tar.gz | |
allow s390 specific ioctl for ecc hardware support
Adding another s390 specific ioctl to be able to support ECC hardware
acceleration to the sandbox seccomp filter rules.
Now the ibmca openssl engine provides elliptic curve cryptography
support with the help of libica and CCA crypto cards. This is done via
jet another ioctl call to the zcrypt device driver and so there is a
need to enable this on the openssl sandbox.
Code is s390 specific and has been tested, verified and reviewed.
Please note that I am also the originator of the previous changes in
that area. I posted these changes to Eduardo and he forwarded the
patches to the openssl community.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
Diffstat (limited to 'sandbox-seccomp-filter.c')
| -rw-r--r-- | sandbox-seccomp-filter.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 5edbc694..56eb9317 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -250,6 +250,7 @@ static const struct sock_filter preauth_insns[] = { SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK), SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO), SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT), + SC_ALLOW_ARG(__NR_ioctl, 1, ZSECSENDCPRB), #endif #if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT) /* |