path: root/system/openssh/time64-seccomp.patch



From b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Wed, 13 Nov 2019 23:19:35 +1100
Subject: [PATCH] seccomp: Allow clock_nanosleep() in sandbox.

seccomp: Allow clock_nanosleep() to make OpenSSH working with latest
glibc.  Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093.

From 5af6fd5461bb709304e6979c8b7856c7af921c9e Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Mon, 16 Dec 2019 13:55:56 +1100
Subject: [PATCH] Allow clock_nanosleep_time64 in seccomp sandbox.

Needed on Linux ARM.  bz#3100, patch from jjelen@redhat.com.

From b110cefdfbf5a20f49b774a55062d6ded2fb6e22 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 7 Jan 2020 16:26:45 -0800
Subject: [PATCH] seccomp: Allow clock_gettime64() in sandbox.

This helps sshd accept connections on mips platforms with
upcoming glibc ( 2.31 )

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index b5cda70bb..96ab141f7 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -242,6 +242,15 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_nanosleep
 	SC_ALLOW(__NR_nanosleep),
 #endif
+#ifdef __NR_clock_nanosleep
+	SC_ALLOW(__NR_clock_nanosleep),
+#endif
+#ifdef __NR_clock_nanosleep_time64
+       SC_ALLOW(__NR_clock_nanosleep_time64),
+#endif
+#ifdef __NR_clock_gettime64
+	SC_ALLOW(__NR_clock_gettime64),
+#endif
 #ifdef __NR__newselect
 	SC_ALLOW(__NR__newselect),
 #endif
From b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Wed, 13 Nov 2019 23:19:35 +1100
Subject: [PATCH] seccomp: Allow clock_nanosleep() in sandbox.

seccomp: Allow clock_nanosleep() to make OpenSSH working with latest
glibc.  Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093.

From 5af6fd5461bb709304e6979c8b7856c7af921c9e Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Mon, 16 Dec 2019 13:55:56 +1100
Subject: [PATCH] Allow clock_nanosleep_time64 in seccomp sandbox.

Needed on Linux ARM.  bz#3100, patch from jjelen@redhat.com.

From b110cefdfbf5a20f49b774a55062d6ded2fb6e22 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 7 Jan 2020 16:26:45 -0800
Subject: [PATCH] seccomp: Allow clock_gettime64() in sandbox.

This helps sshd accept connections on mips platforms with
upcoming glibc ( 2.31 )

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index b5cda70bb..96ab141f7 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -242,6 +242,15 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_nanosleep
 	SC_ALLOW(__NR_nanosleep),
 #endif
+#ifdef __NR_clock_nanosleep
+	SC_ALLOW(__NR_clock_nanosleep),
+#endif
+#ifdef __NR_clock_nanosleep_time64
+       SC_ALLOW(__NR_clock_nanosleep_time64),
+#endif
+#ifdef __NR_clock_gettime64
+	SC_ALLOW(__NR_clock_gettime64),
+#endif
 #ifdef __NR__newselect
 	SC_ALLOW(__NR__newselect),
 #endif