Displaying 8 results from an estimated 8 matches for "sc_allow".
2017 May 09
5
[PATCH 0/3] Allow syscalls for openssl engines
This patchset allow syscalls (flock, ipc, getuid, geteuid and ioctl), so
openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and
communicate with the crypto cards during ssh login.
1. The flock and ipc are allowed only for s390 architecture. They are needed
for openCryptoki project (PKCS#11 implementation), as the ibmpkcs11 engine
makes use of openCryptoki.
For more information,
2015 Feb 25
2
[openssh with openssl cryptodev engine] sshd killed by seccomp filter
...check the openssl engine code, it use ioctl on /dev/crypto.
The following patch solve the issue:
--- sandbox-seccomp-filter.c.old 2015-02-24 14:52:01.000000000 +0100
+++ sandbox-seccomp-filter.c 2015-02-24 15:45:08.000000000 +0100
@@ -98,6 +98,7 @@
#ifdef __NR_time /* not defined on EABI ARM */
SC_ALLOW(time),
#endif
+ SC_ALLOW(ioctl),
SC_ALLOW(read),
SC_ALLOW(write),
SC_ALLOW(close),
Thanks
2015 Feb 11
2
[PATCH] seccomp: allow the getrandom system call.
...ox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index b6f6258..846bc08 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -129,6 +129,9 @@ static const struct sock_filter preauth_insns[] = {
#else
SC_ALLOW(sigprocmask),
#endif
+#ifdef __NR_getrandom
+ SC_ALLOW(getrandom),
+#endif
BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
};
--
2.2.2
2015 Mar 05
31
[Bug 2361] New: seccomp filter (not only) for aarch64
https://bugzilla.mindrot.org/show_bug.cgi?id=2361
Bug ID: 2361
Summary: seccomp filter (not only) for aarch64
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2022 May 06
9
[Bug 3430] New: 64 bit time and seccomp conflict
https://bugzilla.mindrot.org/show_bug.cgi?id=3430
Bug ID: 3430
Summary: 64 bit time and seccomp conflict
Product: Portable OpenSSH
Version: 8.9p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2013 Aug 12
16
[Bug 2142] New: openssh sandboxing using libseccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=2142
Bug ID: 2142
Summary: openssh sandboxing using libseccomp
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2023 Dec 02
33
[Bug 3639] New: server thread aborts during client login after receiving SSH2_MSG_KEXINIT
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
Bug ID: 3639
Summary: server thread aborts during client login after
receiving SSH2_MSG_KEXINIT
Product: Portable OpenSSH
Version: 9.2p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component:
2019 Oct 31
37
[Bug 3085] New: seccomp issue after upgrading openssl
https://bugzilla.mindrot.org/show_bug.cgi?id=3085
Bug ID: 3085
Summary: seccomp issue after upgrading openssl
Product: Portable OpenSSH
Version: 8.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org