From: Damien Miller <djm@mindrot.org>
Date: Thu, 6 Feb 2014 00:17:50 +0000 (+1100)
Subject:  - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
X-Git-Tag: V_6_6_P1~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6434cb2cfbbf0a46375d2d22f2ff9927feb5e478;p=thirdparty%2Fopenssh-portable.git

 - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
    __NR_shutdown; some go via the socketcall(2) multiplexer.
---

diff --git a/ChangeLog b/ChangeLog
index 3867fd37e..6289bfe28 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 20140206
  - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
    before freeing since free(NULL) is a no-op.  ok djm.
+ - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
+   __NR_shutdown; some go via the socketcall(2) multiplexer.
 
 20140205
  - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index dbda60bab..c0c17c2fc 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -98,7 +98,9 @@ static const struct sock_filter preauth_insns[] = {
 	SC_ALLOW(read),
 	SC_ALLOW(write),
 	SC_ALLOW(close),
+#ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
 	SC_ALLOW(shutdown),
+#endif
 	SC_ALLOW(brk),
 	SC_ALLOW(poll),
 #ifdef __NR__newselect