Enable specific ioctl call for EP11 crypto card (s390)

author Eduardo Barretto <ebarretto@linux.vnet.ibm.com>

Tue, 9 May 2017 16:33:30 +0000 (13:33 -0300)

committer Damien Miller <djm@mindrot.org>

Sat, 5 Oct 2019 08:30:40 +0000 (18:30 +1000)
author Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
Tue, 9 May 2017 16:33:30 +0000 (13:33 -0300)
committer Damien Miller <djm@mindrot.org>
Sat, 5 Oct 2019 08:30:40 +0000 (18:30 +1000)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c

index 39dc289e3e104e99b54763f89303e340ab64d948..b5cda70bbbaff0190fc5690dcaf47bd185f7968b 100644 (file)
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -282,6 +282,8 @@ static const struct sock_filter preauth_insns[] = {
         SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
         SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
         SC_ALLOW_ARG(__NR_ioctl, 1, ZSECSENDCPRB),
+       /* Allow ioctls for EP11 crypto card on s390 */
+       SC_ALLOW_ARG(__NR_ioctl, 1, ZSENDEP11CPRB),
  #endif
  #if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
         /*
author	Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
	Tue, 9 May 2017 16:33:30 +0000 (13:33 -0300)
committer	Damien Miller <djm@mindrot.org>
	Sat, 5 Oct 2019 08:30:40 +0000 (18:30 +1000)