Committed to both master and the V_7_5 branch. Thanks, Damien On Tue, 21 Mar 2017, Jakub Jelen wrote: > On 03/14/2017 03:17 AM, Damien Miller wrote: > > I've committed this diff. Please test and confirm that it works ok. > > (If not, then I've botched the macro fixes in the previous commit) > > > > Thanks, > > Damien Miller > > > > On Tue, 14 Mar 2017, Damien Miller wrote: > > > > > ok, with the fixes for the seccomp-bpf sandbox that I just committed > > > the diff reduces to. > > > > > > IMO this is scoped narrowly enough to go in. > > > > > > -d > > > > > > diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c > > > index af5525ab..6ceee33f 100644 > > > --- a/sandbox-seccomp-filter.c > > > +++ b/sandbox-seccomp-filter.c > > > @@ -223,6 +223,12 @@ static const struct sock_filter preauth_insns[] = { > > > #ifdef __NR_socketcall > > > SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), > > > #endif > > > +#if defined(__NR_ioctl) && defined(__s390__) > > > + /* Allow ioctls for ICA crypto card on s390 */ > > > + SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK), > > > + SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO), > > > + SC_ALLOW_ARG(ioctl, 1, ICARSACRT), > > > +#endif /* defined(__NR_ioctl) && defined(__s390__) */ > > > > > > /* Default deny */ > > > BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL), > > Hello, > this patch requires also the header files included, which was dropped from the > initial proposal and breaks the build on s390x [1]. > > The missing constants should be defined in asm/zcrypt.h as mentioned in the > original patch: > > #ifdef __s390__ > #include <asm/zcrypt.h> > #endif > > Please, add also this hunk. > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1434341 > > Regards, > -- > Jakub Jelen > Software Engineer > Security Technologies > Red Hat > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev