3100 – Update seccomp filter on ARM to match current glibc

Bug 3100 - Update seccomp filter on ARM to match current glibc

Summary: Update seccomp filter on ARM to match current glibc

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	8.1p1
Hardware:	ARM Linux

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:	patch

Depends on:
Blocks:	V_8_2
	Show dependency tree / graph

Reported:	2019-11-27 21:12 AEDT by Jakub Jelen
Modified:	2021-04-23 15:02 AEST (History)
CC List:	1 user (show)

See Also:

Attachments
sandbox-seccomp: Allow clock_nanosleep on ARM (647 bytes, patch) 2019-11-27 21:12 AEDT, Jakub Jelen	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jakub Jelen 2019-11-27 21:12:33 AEDT

Created attachment 3340 [details]
sandbox-seccomp: Allow clock_nanosleep on ARM

As a follow-up on #3093 the ARM architecture is using a bit different syscall clock_nanosleep_time64() for the same purpose, which makes the previous fix incomplete.

The attached patch adds the arm alternative to the whitelist. My searches around did not show any other syscall that could be used on other architectures at this moment.

Comment 1 Jakub Jelen 2019-11-27 21:17:33 AEDT

For more information, see the following Fedora bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1777054

Comment 2 Darren Tucker 2019-12-16 14:00:04 AEDT

Applied, thanks.

Comment 3 Damien Miller 2021-04-23 15:02:29 AEST

closing resolved bugs as of 8.6p1 release