- (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux

seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; ok dtucker
author: Damien Miller <djm@mindrot.org> 2013-02-22 01:37:00 +0100
committer: Damien Miller <djm@mindrot.org> 2013-02-22 01:37:00 +0100
commit: 91f40d8592562b804813a320a4ac3871dbaaf433 (patch)
tree: 11c012692061931ce2f673c8b733fa000b5d499b /sandbox-seccomp-filter.c
parent: - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named (diff)
download: openssh-91f40d8592562b804813a320a4ac3871dbaaf433.tar.xz
openssh-91f40d8592562b804813a320a4ac3871dbaaf433.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index ef2b13c4f..e12418399 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -44,6 +44,7 @@
 #include <linux/audit.h>
 #include <linux/filter.h>
 #include <linux/seccomp.h>
+#include <elf.h>
 
 #include <asm/unistd.h>
 
@@ -90,7 +91,9 @@ static const struct sock_filter preauth_insns[] = {
 	SC_DENY(open, EACCES),
 	SC_ALLOW(getpid),
 	SC_ALLOW(gettimeofday),
+#ifdef __NR_time /* not defined on EABI ARM */
 	SC_ALLOW(time),
+#endif
 	SC_ALLOW(read),
 	SC_ALLOW(write),
 	SC_ALLOW(close),
@@ -102,7 +105,12 @@ static const struct sock_filter preauth_insns[] = {
 	SC_ALLOW(select),
 #endif
 	SC_ALLOW(madvise),
+#ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
+	SC_ALLOW(mmap2),
+#endif
+#ifdef __NR_mmap
 	SC_ALLOW(mmap),
+#endif
 	SC_ALLOW(munmap),
 	SC_ALLOW(exit_group),
 #ifdef __NR_rt_sigprocmask
author	Damien Miller <djm@mindrot.org>	2013-02-22 01:37:00 +0100
committer	Damien Miller <djm@mindrot.org>	2013-02-22 01:37:00 +0100
commit	91f40d8592562b804813a320a4ac3871dbaaf433 (patch)
tree	11c012692061931ce2f673c8b733fa000b5d499b /sandbox-seccomp-filter.c
parent	- (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named (diff)
download	openssh-91f40d8592562b804813a320a4ac3871dbaaf433.tar.xz openssh-91f40d8592562b804813a320a4ac3871dbaaf433.zip