From: Icenowy Zheng <uwu@icenowy.me>
Date: Fri, 7 Nov 2025 06:27:35 +0000 (+0800)
Subject: seccomp sandbox: allow uname(3)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec41739bd68d639b0847b366697706e7dab3498d;p=thirdparty%2Fopenssh-portable.git

seccomp sandbox: allow uname(3)

The uname(3) syscall is utilized by zlib-ng on RISC-V to decide whether
the kernel handles VILL bit of V extension properly (by checking the
kernel version against 6.5).

Allow it in the seccomp sandbox.

Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
---

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index a0692dd2f..b3da8d587 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -435,6 +435,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_getpeername
 	SC_ALLOW(__NR_getpeername),
 #endif
+#ifdef __NR_uname
+	SC_ALLOW(__NR_uname),
+#endif
 #ifdef __NR_setsockopt
 	SC_ALLOW_SETSOCKOPT(IPPROTO_IPV6, IPV6_TCLASS),
 	SC_ALLOW_SETSOCKOPT(IPPROTO_IP, IP_TOS),