search for: sc_allow_arg

...> > diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c > index af5525ab..6ceee33f 100644 > --- a/sandbox-seccomp-filter.c > +++ b/sandbox-seccomp-filter.c > @@ -223,6 +223,12 @@ static const struct sock_filter preauth_insns[] = { > #ifdef __NR_socketcall > SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), > #endif > +#if defined(__NR_ioctl) && defined(__s390__) > + /* Allow ioctls for ICA crypto card on s390 */ > + SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK), > + SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO), > + SC_ALLOW_ARG(ioctl, 1, ICARSACRT), &gt...

...a, args[(idx)]) + sizeof(_u32) +#else +#error "Unknown endianness" +#endif #define SC_DENY(_nr, _errno) \ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) @@ -82,9 +94,8 @@ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \ - /* load first syscall argument */ \ - BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ - offsetof(struct seccomp_data, args[(_arg_nr)])), \ + /* load the syscall argument to check into accumulator */ \ + BPF_STMT(BPF_LD+BPF_W+...

On 03-03-2017 09:54, Petr Cerny wrote: > Damien Miller wrote: >> On Tue, 28 Feb 2017, Eduardo Barretto wrote: >> >>> On 13-02-2017 13:23, Eduardo Barretto wrote: >>> > This patch enables specific ioctl calls for ICA crypto card on s390 >>> > platform. Without this patch, users using the IBMCA engine are not >>> able >>> > to

This patchset allow syscalls (flock, ipc, getuid, geteuid and ioctl), so openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and communicate with the crypto cards during ssh login. 1. The flock and ipc are allowed only for s390 architecture. They are needed for openCryptoki project (PKCS#11 implementation), as the ibmpkcs11 engine makes use of openCryptoki. For more information,

...ure when enabled and attempting ssh. The second that the security sandbox was blocking the socket call to afalg. --- ../../openssh-orig/openssh-9.9p1/sandbox-seccomp-filter.c 2024-09-19 18:20:48.000000000 -0400 +++ sandbox-seccomp-filter.c 2025-01-03 18:20:19.803149104 -0500 @@ -402,6 +402,12 @@ SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN), SC_DENY(__NR_socketcall, EACCES), #endif + + /* Kurlon testing alfag */ +#ifdef __NR_socket + SC_ALLOW_ARG(__NR_socket, 0, AF_ALG), +#endif + #if defined(__NR_ioctl) && defined(__s390__) /* Allow ioctls for ICA crypto card on s390 */ SC_ALLOW_ARG(_...

https://bugzilla.mindrot.org/show_bug.cgi?id=2361 Bug ID: 2361 Summary: seccomp filter (not only) for aarch64 Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at