From c79ade1296e809d6c4947acf43e2b1535e7b635b Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 16 Nov 2016 08:38:35 +0100
Subject: [PATCH] GSSAPI requires futex syscall in privsep child (#1395288)
---
 openssh-7.2p1-gsskex.patch | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/openssh-7.2p1-gsskex.patch b/openssh-7.2p1-gsskex.patch
index 4544c54..186d399 100644
--- a/openssh-7.2p1-gsskex.patch
+++ b/openssh-7.2p1-gsskex.patch
@@ -2777,3 +2777,17 @@ index b2f9658..2d33ff7 100644
 dh->p, dh->g, dh_client_pub, dh->pub_key,
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3e6f982..4c2653f 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -213,6 +213,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_write
+ SC_ALLOW(write),
+ #endif
++#ifdef __NR_futex
++ SC_ALLOW(futex), /* for GSSAPI Kex */
++#endif
+ #ifdef __NR_socketcall
+ SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
+ #endif
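Review bot: The added `SC_ALLOW(futex)` entry in `preauth_insns` opens futex to the pre-auth privsep child in every build that defines `__NR_futex`, although its comment says only GSSAPI key exchange needs it. Guarding it as `#if defined(__NR_futex) && defined(GSSAPI)` would keep the syscall out of the sandbox when GSSAPI is not compiled in, assuming the build's `GSSAPI` macro is visible in this file. `SC_ALLOW` also admits every futex operation, whereas the neighbouring socketcall entry pins an argument with `SC_ALLOW_ARG`; if the operations the GSSAPI libraries actually issue can be established, restricting the op argument would narrow the kernel surface reachable before authentication. The comment would help the next auditor more if it recorded the reason and the bug, for example `/* GSSAPI kex: libraries need futex in the privsep child (#1395288) */`. The `preauth_insns` array begins and ends outside this hunk.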