Displaying 4 results from an estimated 4 matches for "icarsacrt".
2017 Mar 14
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
...SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
> #endif
> +#if defined(__NR_ioctl) && defined(__s390__)
> + /* Allow ioctls for ICA crypto card on s390 */
> + SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK),
> + SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO),
> + SC_ALLOW_ARG(ioctl, 1, ICARSACRT),
> +#endif /* defined(__NR_ioctl) && defined(__s390__) */
>
> /* Default deny */
> BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists...
2017 Feb 13
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
...@@ -207,6 +218,13 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_socketcall
SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
#endif
+#ifdef __NR_ioctl
+#ifdef __s390__
+ SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK),
+ SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO),
+ SC_ALLOW_ARG(ioctl, 1, ICARSACRT),
+#endif
+#endif
/* Default deny */
BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
--
1.9.1
2017 Mar 03
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
On 03-03-2017 09:54, Petr Cerny wrote:
> Damien Miller wrote:
>> On Tue, 28 Feb 2017, Eduardo Barretto wrote:
>>
>>> On 13-02-2017 13:23, Eduardo Barretto wrote:
>>> > This patch enables specific ioctl calls for ICA crypto card on s390
>>> > platform. Without this patch, users using the IBMCA engine are not
>>> able
>>> > to
2017 May 09
5
[PATCH 0/3] Allow syscalls for openssl engines
This patchset allow syscalls (flock, ipc, getuid, geteuid and ioctl), so
openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and
communicate with the crypto cards during ssh login.
1. The flock and ipc are allowed only for s390 architecture. They are needed
for openCryptoki project (PKCS#11 implementation), as the ibmpkcs11 engine
makes use of openCryptoki.
For more information,