From 361405c03bd3ce6a4ce282a1861777c94c011828 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Thu, 29 Oct 2020 13:20:03 +0100
Subject: [PATCH] Compile with new glibc

---
 ocserv-1.1.1-socketwrapper.patch | 19 +++++++++++++++++++
 ocserv.spec | 5 ++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 ocserv-1.1.1-socketwrapper.patch

diff --git a/ocserv-1.1.1-socketwrapper.patch b/ocserv-1.1.1-socketwrapper.patch
new file mode 100644
index 0000000..9f8b3c9
--- /dev/null
+++ b/ocserv-1.1.1-socketwrapper.patch
@@ -0,0 +1,19 @@
+diff --git a/src/worker-privs.c b/src/worker-privs.c
+index ea503cd0..3d4d5fa4 100644
+--- a/src/worker-privs.c
++++ b/src/worker-privs.c
+@@ -166,6 +166,14 @@ int disable_system_calls(struct worker_st *ws)
+ ADD_SYSCALL(fstat, 0);
+ ADD_SYSCALL(lseek, 0);
+ 
++ /* if running under socketwrapper ensure we allow its calls */
++ if (getenv("SOCKET_WRAPPER_DIR") != NULL) {
++ ADD_SYSCALL(stat64, 0);
++ ADD_SYSCALL(readlink, 0);
++ ADD_SYSCALL(newfstatat, 0);
++ ADD_SYSCALL(mmap, 0);
++ }
++
+ ADD_SYSCALL(getsockopt, 0);
+ ADD_SYSCALL(setsockopt, 0);
+ 
diff --git a/ocserv.spec b/ocserv.spec
index 011ea59..cf635cf 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -44,6 +44,7 @@ Source8: ocserv-genkey
 Source9: ocserv-script
 Source10: gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
 Source11: ocserv.init
+Patch0: ocserv-1.1.1-socketwrapper.patch
 
 # Taken from upstream:
 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@@ -177,6 +178,7 @@ autoreconf -fvi
 %endif
 
 %configure \
+ --with-seccomp-trap \
 --without-pcl-lib \
 %if %{use_systemd}
 --enable-systemd \
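Review bot: The `getenv("SOCKET_WRAPPER_DIR")` check in disable_system_calls() is evaluated at run time in the shipped worker, so a test-harness accommodation becomes a switch that widens the production seccomp allowlist whenever that variable is present in the server's environment. The four added entries are plain allows (`mmap` in particular carries no argument constraint as far as the hunk shows), which is more than the worker is otherwise granted. I would make the intent explicit at the branch, e.g. `/* TEST ONLY: SOCKET_WRAPPER_DIR widens the worker sandbox; it must never be set for a production ocserv */`, and consider gating the block at build time rather than on the environment. Since the changelog targets all architectures, it is also worth confirming that ADD_SYSCALL (defined outside this hunk) copes with names such as `stat64` that do not exist on every architecture; the function body continues outside the hunk as well.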
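Review bot: `--with-seccomp-trap` in the %configure call changes the packaged binary itself, yet neither the commit subject nor the new changelog lines mention it, and the changelog describes the work as being for the tests. As I understand the option, it makes a filtered system call trap the worker instead of returning an error, so a syscall missing from the allowlist after a later glibc update would end a client session rather than fail softly; that is a defensible fail-closed choice, but it should be a stated one. I would add a comment above `%configure`, e.g. `# trap (not errno) on filtered syscalls so allowlist gaps show up in the test suite; this affects the shipped binary too`, and a matching changelog line.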
@@ -285,7 +287,8 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
 
 %changelog
 * Thu Oct 29 2020 Nikos Mavrogiannopoulos - 1.1.1-3
-- Rebuilt without pcllib dependency
+- Rebuild without pcllib dependency
+- Enhanced seccomp filters for tests to run in all architectures
 
 * Thu Sep 24 2020 Adrian Reber - 1.1.1-2
 - Rebuilt for protobuf 3.13