Zseries only: Leave the hardware filedescriptors open. All filedescriptors above 2 are getting closed when a new sshd process to handle a new client connection is spawned. As the process also chroot into an empty filesystem without any device nodes, there is no chance to reopen the files. This patch filters out the reqired fds in the closefrom function so these are skipped in the close loop. Author: Harald Freudenberger <freude@de.ibm.com> --- openbsd-compat/bsd-closefrom.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) --- a/openbsd-compat/bsd-closefrom.c +++ b/openbsd-compat/bsd-closefrom.c @@ -82,7 +82,33 @@ closefrom(int lowfd) fd = strtol(dent->d_name, &endp, 10); if (dent->d_name != endp && *endp == '\0' && fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp)) +#ifdef __s390__ + { + /* + * the filedescriptors used to communicate with + * the device drivers to provide hardware support + * should survive. HF <freude@de.ibm.com> + */ + char fpath[PATH_MAX], lpath[PATH_MAX]; + len = snprintf(fpath, sizeof(fpath), "%s/%s", + fdpath, dent->d_name); + if (len > 0 && (size_t)len <= sizeof(fpath)) { + len = readlink(fpath, lpath, sizeof(lpath)); + if (len > 0) { + lpath[len] = 0; + if (strstr(lpath, "dev/z90crypt") + || strstr(lpath, "dev/zcrypt") + || strstr(lpath, "dev/prandom") + || strstr(lpath, "dev/shm/icastats")) + fd = -1; + } + } + if (fd >= 0) + (void) close((int) fd); + } +#else (void) close((int) fd); +#endif } (void) closedir(dirp); } else