diff options
| author | Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | 2017-05-09 13:33:30 -0300 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-10-05 18:30:40 +1000 |
| commit | 8dc7d6b75a7f746fdd056acd41dffc0a13557a4c (patch) | |
| tree | 27ee74175a86f735b29fb93077bb600917001bf7 | |
| parent | 07f2c7f34951c04d2cd796ac6c80e47c56c4969e (diff) | |
Enable specific ioctl call for EP11 crypto card (s390)
The EP11 crypto card needs to make an ioctl call, which receives an
specific argument. This crypto card is for s390 only.
Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
| -rw-r--r-- | sandbox-seccomp-filter.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 39dc289e..b5cda70b 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -282,6 +282,8 @@ static const struct sock_filter preauth_insns[] = { SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO), SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT), SC_ALLOW_ARG(__NR_ioctl, 1, ZSECSENDCPRB), + /* Allow ioctls for EP11 crypto card on s390 */ + SC_ALLOW_ARG(__NR_ioctl, 1, ZSENDEP11CPRB), #endif #if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT) /* |