search for: sc_allow

Displaying 7 results from an estimated 7 matches for "sc_allow".

[PATCH 0/3] Allow syscalls for openssl engines
2017 May 09
5
[PATCH 0/3] Allow syscalls for openssl engines
This patchset allow syscalls (flock, ipc, getuid, geteuid and ioctl), so openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and communicate with the crypto cards during ssh login. 1. The flock and ipc are allowed only for s390 architecture. They are needed for openCryptoki project (PKCS#11 implementation), as the ibmpkcs11 engine makes use of openCryptoki. For more information,
[openssh with openssl cryptodev engine] sshd killed by seccomp filter
2015 Feb 25
2
[openssh with openssl cryptodev engine] sshd killed by seccomp filter
...check the openssl engine code, it use ioctl on /dev/crypto. The following patch solve the issue: --- sandbox-seccomp-filter.c.old 2015-02-24 14:52:01.000000000 +0100 +++ sandbox-seccomp-filter.c 2015-02-24 15:45:08.000000000 +0100 @@ -98,6 +98,7 @@ #ifdef __NR_time /* not defined on EABI ARM */ SC_ALLOW(time), #endif + SC_ALLOW(ioctl), SC_ALLOW(read), SC_ALLOW(write), SC_ALLOW(close), Thanks
[PATCH] seccomp: allow the getrandom system call.
2015 Feb 11
2
[PATCH] seccomp: allow the getrandom system call.
...ox-seccomp-filter.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index b6f6258..846bc08 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -129,6 +129,9 @@ static const struct sock_filter preauth_insns[] = { #else SC_ALLOW(sigprocmask), #endif +#ifdef __NR_getrandom + SC_ALLOW(getrandom), +#endif BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), }; -- 2.2.2
[Bug 2361] New: seccomp filter (not only) for aarch64
2015 Mar 05
31
[Bug 2361] New: seccomp filter (not only) for aarch64
https://bugzilla.mindrot.org/show_bug.cgi?id=2361 Bug ID: 2361 Summary: seccomp filter (not only) for aarch64 Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
[Bug 2142] New: openssh sandboxing using libseccomp
2013 Aug 12
16
[Bug 2142] New: openssh sandboxing using libseccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=2142 Bug ID: 2142 Summary: openssh sandboxing using libseccomp Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
[Bug 3639] New: server thread aborts during client login after receiving SSH2_MSG_KEXINIT
2023 Dec 02
33
[Bug 3639] New: server thread aborts during client login after receiving SSH2_MSG_KEXINIT
https://bugzilla.mindrot.org/show_bug.cgi?id=3639 Bug ID: 3639 Summary: server thread aborts during client login after receiving SSH2_MSG_KEXINIT Product: Portable OpenSSH Version: 9.2p1 Hardware: ARM OS: Linux Status: NEW Severity: critical Priority: P5 Component:
[Bug 3085] New: seccomp issue after upgrading openssl
2019 Oct 31
37
[Bug 3085] New: seccomp issue after upgrading openssl
https://bugzilla.mindrot.org/show_bug.cgi?id=3085 Bug ID: 3085 Summary: seccomp issue after upgrading openssl Product: Portable OpenSSH Version: 8.1p1 Hardware: Other OS: Linux Status: NEW Severity: critical Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org