Re: [PATCH] Enable specific ioctl calls for ICA crypto card (s390)

Committed to both master and the V_7_5 branch.

Thanks,
Damien

On Tue, 21 Mar 2017, Jakub Jelen wrote:

> On 03/14/2017 03:17 AM, Damien Miller wrote:
> > I've committed this diff. Please test and confirm that it works ok.
> > (If not, then I've botched the macro fixes in the previous commit)
> > 
> > Thanks,
> > Damien Miller
> > 
> > On Tue, 14 Mar 2017, Damien Miller wrote:
> > 
> > > ok, with the fixes for the seccomp-bpf sandbox that I just committed
> > > the diff reduces to.
> > > 
> > > IMO this is scoped narrowly enough to go in.
> > > 
> > > -d
> > > 
> > > diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
> > > index af5525ab..6ceee33f 100644
> > > --- a/sandbox-seccomp-filter.c
> > > +++ b/sandbox-seccomp-filter.c
> > > @@ -223,6 +223,12 @@ static const struct sock_filter preauth_insns[] = {
> > >  #ifdef __NR_socketcall
> > >  	SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
> > >  #endif
> > > +#if defined(__NR_ioctl) && defined(__s390__)
> > > +	/* Allow ioctls for ICA crypto card on s390 */
> > > +	SC_ALLOW_ARG(ioctl, 1, Z90STAT_STATUS_MASK),
> > > +	SC_ALLOW_ARG(ioctl, 1, ICARSAMODEXPO),
> > > +	SC_ALLOW_ARG(ioctl, 1, ICARSACRT),
> > > +#endif /* defined(__NR_ioctl) && defined(__s390__) */
> > > 
> > >  	/* Default deny */
> > >  	BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
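
Review bot: The three added SC_ALLOW_ARG(ioctl, 1, ...) lines in preauth_insns[] use Z90STAT_STATUS_MASK, ICARSAMODEXPO and ICARSACRT, but this diff consists of this single hunk and adds no #include that defines them. As posted, the s390 build depends on some other header already providing those constants. Suggest carrying the include in the same change, guarded the same way as the new block (the reply below names asm/zcrypt.h under #ifdef __s390__), so the allowlist entries and their definitions land together. The placement ahead of the "Default deny" return and the match on argument 1 with explicit request values keep the exception narrow.
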
> 
> Hello,
> this patch requires also the header files included, which was dropped from the
> initial proposal and breaks the build on s390x [1].
> 
> The missing constants should be defined in asm/zcrypt.h as mentioned in the
> original patch:
> 
> #ifdef __s390__
> #include <asm/zcrypt.h>
> #endif
> 
> Please, add also this hunk.
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1434341
> 
> Regards,
> -- 
> Jakub Jelen
> Software Engineer
> Security Technologies
> Red Hat
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 