[openssh with openssl cryptodev engine] sshd killed by seccomp filter

Hello

I have a server with a hardware crypto accelerator.
To give userspace access to it, I use the cryptodev module (http://cryptodev-linux.org/)
I also have the cryptodev engine compiled into openssl.

When I modprobe the cryptodev module, I cannot login with ssh on the server.

The symptom can be found with dmesg:
audit: type=1326 audit(1424784807.257:3): auid=4294967295 uid=22 gid=22 ses=4294967295 pid=17725 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=54 compat=0 ip=0xb6be809c code=0x0

sshd is killed by SIGSYS, because it tries to use the ioctl call, which is forbidden by the seccomp filter.
If you check the openssl engine code, it uses ioctl on /dev/crypto.

The following patch solves the issue:
--- sandbox-seccomp-filter.c.old	2015-02-24 14:52:01.000000000 +0100
+++ sandbox-seccomp-filter.c	2015-02-24 15:45:08.000000000 +0100
@@ -98,6 +98,7 @@
 #ifdef __NR_time /* not defined on EABI ARM */
 	SC_ALLOW(time),
 #endif
+	SC_ALLOW(ioctl),
 	SC_ALLOW(read),
 	SC_ALLOW(write),
 	SC_ALLOW(close),
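
Review bot: the added SC_ALLOW(ioctl) line is unconditional, so it lets the sandboxed process issue any ioctl request on any descriptor, not only the /dev/crypto calls the message describes. That is a large widening of the kernel surface reachable from the sandbox for the sake of one device. Consider matching on the ioctl request argument so that only the requests the cryptodev engine needs are allowed, and compiling the rule in only when the engine is built, with a comment next to the rule saying why it is there.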


Thanks

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
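
For triage of records like the one in the message above, here is a small decoder for the kernel's type=1326 (seccomp) audit line. It is an added example, not part of the original post or of OpenSSH; the lookup tables are a deliberately small subset of the Linux AUDIT_ARCH_* constants and per-architecture syscall numbers, and the function name is hypothetical.

```python
import re

# Subset of AUDIT_ARCH_* values (linux/audit.h) and syscall numbers.
AUDIT_ARCH = {
    0x40000028: "arm",
    0x40000003: "i386",
    0xC000003E: "x86_64",
    0xC00000B7: "aarch64",
}
SYSCALLS = {
    "arm": {3: "read", 4: "write", 6: "close", 54: "ioctl"},
    "i386": {3: "read", 4: "write", 6: "close", 54: "ioctl"},
    "x86_64": {0: "read", 1: "write", 3: "close", 16: "ioctl"},
    "aarch64": {63: "read", 64: "write", 57: "close", 29: "ioctl"},
}
SIGNALS = {31: "SIGSYS"}

# key=value pairs; values may be double-quoted (comm, exe).
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_seccomp_record(line):
    """Return a dict describing a type=1326 record, or None for other lines."""
    if "type=1326" not in line:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(line)}
    # arch is printed in hex without a 0x prefix; syscall and sig are decimal.
    arch = AUDIT_ARCH.get(int(f["arch"], 16), "unknown")
    nr = int(f["syscall"])
    return {
        "comm": f["comm"],
        "exe": f["exe"],
        "pid": int(f["pid"]),
        "signal": SIGNALS.get(int(f["sig"]), f["sig"]),
        "arch": arch,
        "syscall": SYSCALLS.get(arch, {}).get(nr, f"nr {nr}"),
    }

# The dmesg line quoted in the message above.
SAMPLE = ('audit: type=1326 audit(1424784807.257:3): auid=4294967295 uid=22 '
          'gid=22 ses=4294967295 pid=17725 comm="sshd" exe="/usr/sbin/sshd" '
          'sig=31 arch=40000028 syscall=54 compat=0 ip=0xb6be809c code=0x0')

if __name__ == "__main__":
    print(decode_seccomp_record(SAMPLE))
```

The syscall number only has meaning together with the arch field: 54 is ioctl on 32-bit ARM and i386, while x86_64 uses 16.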