| Message ID | 20200410194629.17220-1-arne_f@ipfire.org |
|---|---|
| State | Accepted |
| Commit | b14b37ba67eb52e1423781a329e3ea459a1334f5 |
| Headers | show |
| Series | OpenSSH: fix login on i?86 | expand |
Hi Arne, interesting solution, but I am okay with it for the time being. Hopefully upstream will fix this in the next release. Best, -Michael > On 10 Apr 2020, at 20:46, Arne Fitzenreiter <arne_f@ipfire.org> wrote: > > glibc calls clock_nanosleep_time64 syscall even if it not defined in > the headers for this arch and the seccomp filter kills the process > with because an unknown syscall. > > Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> > --- > lfs/openssh | 1 + > ...SH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch | 13 +++++++++++++ > 2 files changed, 14 insertions(+) > create mode 100644 src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch > > diff --git a/lfs/openssh b/lfs/openssh > index 68a7d63cd..2f3eda74f 100644 > --- a/lfs/openssh > +++ b/lfs/openssh > @@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @$(PREBUILD) > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) > cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure > + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch > cd $(DIR_APP) && ./configure \ > --prefix=/usr \ > --sysconfdir=/etc/ssh \ > diff --git a/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch > new file mode 100644 > index 000000000..5199872d9 > --- /dev/null > +++ b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch > @@ -0,0 +1,13 @@ > +diff -Naur openssh-8.2p1.org/sandbox-seccomp-filter.c openssh-8.2p1/sandbox-seccomp-filter.c > +--- openssh-8.2p1.org/sandbox-seccomp-filter.c 2020-04-10 18:14:56.152309584 +0200 > ++++ openssh-8.2p1/sandbox-seccomp-filter.c 2020-04-10 21:05:45.827921765 +0200 > +@@ -253,6 +253,9 @@ > + #endif > + #ifdef __NR_clock_nanosleep_time64 > + SC_ALLOW(__NR_clock_nanosleep_time64), > ++#else > ++ /* on i586 glibc call syscall 407 which is not defined */ > ++ SC_ALLOW(407), > + #endif > + #ifdef __NR_clock_gettime64 > + SC_ALLOW(__NR_clock_gettime64), > -- > 2.17.1 >
diff --git a/lfs/openssh b/lfs/openssh index 68a7d63cd..2f3eda74f 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/etc/ssh \ diff --git a/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch new file mode 100644 index 000000000..5199872d9 --- /dev/null +++ b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch @@ -0,0 +1,13 @@ +diff -Naur openssh-8.2p1.org/sandbox-seccomp-filter.c openssh-8.2p1/sandbox-seccomp-filter.c +--- openssh-8.2p1.org/sandbox-seccomp-filter.c 2020-04-10 18:14:56.152309584 +0200 ++++ openssh-8.2p1/sandbox-seccomp-filter.c 2020-04-10 21:05:45.827921765 +0200 +@@ -253,6 +253,9 @@ + #endif + #ifdef __NR_clock_nanosleep_time64 + SC_ALLOW(__NR_clock_nanosleep_time64), ++#else ++ /* on i586 glibc call syscall 407 which is not defined */ ++ SC_ALLOW(407), + #endif + #ifdef __NR_clock_gettime64 + SC_ALLOW(__NR_clock_gettime64),
glibc calls clock_nanosleep_time64 syscall even if it not defined in the headers for this arch and the seccomp filter kills the process with because an unknown syscall. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> --- lfs/openssh | 1 + ...SH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch