ossh-bug-3093.patch

   1 diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
   2 index b5cda70b..f80981fa 100644
   3 --- a/sandbox-seccomp-filter.c
   4 +++ b/sandbox-seccomp-filter.c
   5 @@ -177,6 +177,9 @@ static const struct sock_filter preauth_insns[] = {
   6  #ifdef __NR_shmdt
   7         SC_DENY(__NR_shmdt, EACCES),
   8  #endif
   9 +#ifdef __NR_ipc
  10 +       SC_DENY(__NR_ipc, EACCES),
  11 +#endif
  12
  13         /* Syscalls to permit */
  14  #ifdef __NR_brk
  15 @@ -185,6 +188,9 @@ static const struct sock_filter preauth_insns[] = {
  16  #ifdef __NR_clock_gettime
  17         SC_ALLOW(__NR_clock_gettime),
  18  #endif
  19 +#ifdef __NR_clock_gettime64
  20 +       SC_ALLOW(__NR_clock_gettime64),
  21 +#endif
  22  #ifdef __NR_close
  23         SC_ALLOW(__NR_close),
  24  #endif
  25 @@ -242,6 +248,15 @@ static const struct sock_filter preauth_insns[] = {
  26  #ifdef __NR_nanosleep
  27         SC_ALLOW(__NR_nanosleep),
  28  #endif
  29 +#ifdef __NR_clock_nanosleep
  30 +       SC_ALLOW(__NR_clock_nanosleep),
  31 +#endif
  32 +#ifdef __NR_clock_nanosleep_time64
  33 +       SC_ALLOW(__NR_clock_nanosleep_time64),
  34 +#endif
  35 +#ifdef __NR_clock_gettime64
  36 +       SC_ALLOW(__NR_clock_gettime64),
  37 +#endif
  38  #ifdef __NR__newselect
  39         SC_ALLOW(__NR__newselect),
  40  #endif