OpenSSH: fix login on i?86
Commit Message
glibc calls clock_nanosleep_time64 syscall even if it not defined in
the headers for this arch and the seccomp filter kills the process
with because an unknown syscall.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
lfs/openssh | 1 +
...SH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch | 13 +++++++++++++
2 files changed, 14 insertions(+)
create mode 100644 src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
Comments
Hi Arne,
interesting solution, but I am okay with it for the time being.
Hopefully upstream will fix this in the next release.
Best,
-Michael
> On 10 Apr 2020, at 20:46, Arne Fitzenreiter <arne_f@ipfire.org> wrote:
>
> glibc calls clock_nanosleep_time64 syscall even if it not defined in
> the headers for this arch and the seccomp filter kills the process
> with because an unknown syscall.
>
> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
> ---
> lfs/openssh | 1 +
> ...SH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch | 13 +++++++++++++
> 2 files changed, 14 insertions(+)
> create mode 100644 src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
>
> diff --git a/lfs/openssh b/lfs/openssh
> index 68a7d63cd..2f3eda74f 100644
> --- a/lfs/openssh
> +++ b/lfs/openssh
> @@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure
> + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
> cd $(DIR_APP) && ./configure \
> --prefix=/usr \
> --sysconfdir=/etc/ssh \
> diff --git a/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
> new file mode 100644
> index 000000000..5199872d9
> --- /dev/null
> +++ b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
> @@ -0,0 +1,13 @@
> +diff -Naur openssh-8.2p1.org/sandbox-seccomp-filter.c openssh-8.2p1/sandbox-seccomp-filter.c
> +--- openssh-8.2p1.org/sandbox-seccomp-filter.c 2020-04-10 18:14:56.152309584 +0200
> ++++ openssh-8.2p1/sandbox-seccomp-filter.c 2020-04-10 21:05:45.827921765 +0200
> +@@ -253,6 +253,9 @@
> + #endif
> + #ifdef __NR_clock_nanosleep_time64
> + SC_ALLOW(__NR_clock_nanosleep_time64),
> ++#else
> ++ /* on i586 glibc call syscall 407 which is not defined */
> ++ SC_ALLOW(407),
> + #endif
> + #ifdef __NR_clock_gettime64
> + SC_ALLOW(__NR_clock_gettime64),
> --
> 2.17.1
>
@@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--sysconfdir=/etc/ssh \
new file mode 100644
@@ -0,0 +1,13 @@
+diff -Naur openssh-8.2p1.org/sandbox-seccomp-filter.c openssh-8.2p1/sandbox-seccomp-filter.c
+--- openssh-8.2p1.org/sandbox-seccomp-filter.c 2020-04-10 18:14:56.152309584 +0200
++++ openssh-8.2p1/sandbox-seccomp-filter.c 2020-04-10 21:05:45.827921765 +0200
+@@ -253,6 +253,9 @@
+ #endif
+ #ifdef __NR_clock_nanosleep_time64
+ SC_ALLOW(__NR_clock_nanosleep_time64),
++#else
++ /* on i586 glibc call syscall 407 which is not defined */
++ SC_ALLOW(407),
+ #endif
+ #ifdef __NR_clock_gettime64
+ SC_ALLOW(__NR_clock_gettime64),