From 58ba50440efef9dee5d4e51ac03f4e030d9ff554 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Jul 02 2015 15:10:58 +0000 Subject: Allow building seccomp filters also for s390(x) architectures (#1195065) --- diff --git a/openssh-6.7p1-seccomp-aarch64.patch b/openssh-6.7p1-seccomp-aarch64.patch deleted file mode 100644 index 6e8c3b8..0000000 --- a/openssh-6.7p1-seccomp-aarch64.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up openssh/configure.ac.seccomp openssh/configure.ac -diff -up openssh/sandbox-seccomp-filter.c.seccomp openssh/sandbox-seccomp-filter.c ---- openssh/sandbox-seccomp-filter.c.seccomp 2015-06-24 11:45:44.001581471 +0200 -+++ openssh/sandbox-seccomp-filter.c 2015-06-24 11:51:54.032635297 +0200 -@@ -165,6 +165,9 @@ static const struct sock_filter preauth_ - #ifdef __NR__newselect - SC_ALLOW(_newselect), - #endif -+#ifdef __NR_pselect6 /* AArch64 */ -+ SC_ALLOW(pselect6), -+#endif - #ifdef __NR_poll - SC_ALLOW(poll), - #endif diff --git a/openssh-6.9p1-seccomp-secondary.patch b/openssh-6.9p1-seccomp-secondary.patch new file mode 100644 index 0000000..86c3ad3 --- /dev/null +++ b/openssh-6.9p1-seccomp-secondary.patch @@ -0,0 +1,32 @@ +diff -up openssh/configure.ac.seccomp openssh/configure.ac +diff -up openssh/sandbox-seccomp-filter.c.seccomp openssh/sandbox-seccomp-filter.c +--- openssh/sandbox-seccomp-filter.c.seccomp 2015-06-24 11:45:44.001581471 +0200 ++++ openssh/sandbox-seccomp-filter.c 2015-06-24 11:51:54.032635297 +0200 +@@ -165,6 +165,9 @@ static const struct sock_filter preauth_ + #ifdef __NR__newselect + SC_ALLOW(_newselect), + #endif ++#ifdef __NR_pselect6 /* AArch64 */ ++ SC_ALLOW(pselect6), ++#endif + #ifdef __NR_poll + SC_ALLOW(poll), + #endif +diff --git a/configure.ac b/configure.ac +index 24378a7..0bed910 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -811,6 +811,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) + aarch64*-*) + seccomp_audit_arch=AUDIT_ARCH_AARCH64 + ;; ++ s390x-*) ++ seccomp_audit_arch=AUDIT_ARCH_S390X ++ ;; ++ s390-*) ++ seccomp_audit_arch=AUDIT_ARCH_S390 ++ ;; + esac + if test "x$seccomp_audit_arch" != "x" ; then + AC_MSG_RESULT(["$seccomp_audit_arch"]) + diff --git a/openssh.spec b/openssh.spec index 646c74c..3663c1f 100644 --- a/openssh.spec +++ b/openssh.spec @@ -521,7 +521,7 @@ fi %endif %if %{WITH_SELINUX} --with-selinux --with-audit=linux \ -%ifarch %{ix86} x86_64 %{arm} aarch64 +%ifarch %{ix86} x86_64 %{arm} aarch64 s390x x390 --with-sandbox=seccomp_filter \ %else --with-sandbox=rlimit \