diff options
author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3 | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3')
2 files changed, 46 insertions, 43 deletions
diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch b/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch new file mode 100644 index 00000000..7573c967 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch @@ -0,0 +1,46 @@ +From dd353303f62d1dfe32cb000e482616b021708fbe Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Thu, 29 Nov 2018 00:47:34 -0800 +Subject: [PATCH] vsftpd: allow syscalls in the seccomp sandbox + +* Allow sysinfo() and getdents64 in the seccomp + sandbox otherwise comes below OOPS: priv_sock_get_cmd + as the syscall sysinfo() and getdents64 not allowed + +root@qemux86-64:~# tnftp 192.168.1.1 +Connected to 192.168.1.1. +220 (vsFTPd 3.0.3) +Name (192.168.1.1:root): anonymous +331 Please specify the password. +Password: +230 Login successful. +Remote system type is UNIX. +Using binary mode to transfer files. +ftp> prompt +Interactive mode off. +ftp> mget small* +OOPS: priv_sock_get_cmd + +Upstream-Status: Pending + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + seccompsandbox.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/seccompsandbox.c b/seccompsandbox.c +index 2c350a9..377c50e 100644 +--- a/seccompsandbox.c ++++ b/seccompsandbox.c +@@ -409,6 +409,8 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) + allow_nr(__NR_getcwd); + allow_nr(__NR_chdir); + allow_nr(__NR_getdents); ++ allow_nr(__NR_getdents64); ++ allow_nr(__NR_sysinfo); + /* Misc */ + allow_nr(__NR_umask); + +-- +2.17.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch b/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch deleted file mode 100644 index c6c0f80a..00000000 --- a/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 9c4826c19f04da533886209361a2caddf582d65c Mon Sep 17 00:00:00 2001 -From: Mingli Yu <Mingli.Yu@windriver.com> -Date: Tue, 6 Sep 2016 17:17:44 +0800 -Subject: [PATCH] vsftpd: allow sysinfo() in the seccomp sandbox - -Upstream-Status: Pending - -* Allow sysinfo() in the seccomp sandbox otherwise - comes below OOPS: priv_sock_get_cmd as the syscall - sysinfo() not allowed - -tnftp 192.168.1.1 -Connected to 192.168.1.1. -220 (vsFTPd 3.0.3) -Name (192.168.1.1:root): anonymous -331 Please specify the password. -Password: -230 Login successful. -Remote system type is UNIX. -Using binary mode to transfer files. -ftp> prompt -Interactive mode off. -ftp> mget small* -OOPS: priv_sock_get_cmd - -Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> - ---- - seccompsandbox.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/seccompsandbox.c b/seccompsandbox.c -index 2c350a9..67d9ca5 100644 ---- a/seccompsandbox.c -+++ b/seccompsandbox.c -@@ -409,6 +409,7 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) - allow_nr(__NR_getcwd); - allow_nr(__NR_chdir); - allow_nr(__NR_getdents); -+ allow_nr(__NR_sysinfo); - /* Misc */ - allow_nr(__NR_umask); - |