From: Darren Tucker <dtucker@dtucker.net>
Date: Sat, 26 Feb 2022 03:06:14 +0000 (+1100)
Subject: Allow ppoll_time64 in seccomp sandbox.
X-Git-Tag: V_9_0_P1~46
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=284b6e5394652d519e31782e3b3cdfd7b21d1a81;p=thirdparty%2Fopenssh-portable.git

Allow ppoll_time64 in seccomp sandbox.

Should fix sandbox violations on (some? at least i386 and armhf) 32bit
Linux platforms.  Patch from chutzpahu at gentoo.org and cjwatson at
debian.org via bz#3396.
---

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 2e065ba3e..4ce80cb2a 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_ppoll
 	SC_ALLOW(__NR_ppoll),
 #endif
+#ifdef __NR_ppoll_time64
+	SC_ALLOW(__NR_ppoll_time64),
+#endif
 #ifdef __NR_poll
 	SC_ALLOW(__NR_poll),
 #endif