Compile with new glibc

4 years ago · 361405c03b
parent 6326ab472d
commit 361405c03b
2 changed files with 23 additions and 1 deletions
--- a/ocserv-1.1.1-socketwrapper.patch
+++ b/ocserv-1.1.1-socketwrapper.patch
@ -0,0 +1,19 @@
+diff --git a/src/worker-privs.c b/src/worker-privs.c
+index ea503cd0..3d4d5fa4 100644
+--- a/src/worker-privs.c
+++ b/src/worker-privs.c
+@@ -166,6 +166,14 @@ int disable_system_calls(struct worker_st *ws)
+ 	ADD_SYSCALL(fstat, 0);
+ 	ADD_SYSCALL(lseek, 0);
+ 
+	/* if running under socketwrapper ensure we allow its calls */
+	if (getenv("SOCKET_WRAPPER_DIR") != NULL) {
+		ADD_SYSCALL(stat64, 0);
+		ADD_SYSCALL(readlink, 0);
+		ADD_SYSCALL(newfstatat, 0);
+		ADD_SYSCALL(mmap, 0);
+	}
+
+ 	ADD_SYSCALL(getsockopt, 0);
+ 	ADD_SYSCALL(setsockopt, 0);
+ 
--- a/ocserv.spec
+++ b/ocserv.spec
@ -44,6 +44,7 @@ Source8:	ocserv-genkey
 Source9:	ocserv-script
 Source10:	gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
 Source11:	ocserv.init
+Patch0:		ocserv-1.1.1-socketwrapper.patch

 # Taken from upstream:
 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@ -177,6 +178,7 @@ autoreconf -fvi
 %endif

 %configure \
+        --with-seccomp-trap \
        --without-pcl-lib \
 %if %{use_systemd}
 	--enable-systemd \
@ -285,7 +287,8 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}

 %changelog
 * Thu Oct 29 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.1-3
- Rebuilt without pcllib dependency
+- Rebuild without pcllib dependency
+- Enhanced seccomp filters for tests to run in all architectures

 * Thu Sep 24 2020 Adrian Reber <adrian@lisas.de> - 1.1.1-2
 - Rebuilt for protobuf 3.13