From ef1da17783fd1114f9340daf5fdf3fc775f96d74 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 16 Nov 2016 08:38:35 +0100
Subject: [PATCH] GSSAPI requires futex syscall in privsep child (#1395288)

---
 openssh-7.2p1-gsskex.patch | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/openssh-7.2p1-gsskex.patch b/openssh-7.2p1-gsskex.patch
index cc4aa20..deb6637 100644
--- a/openssh-7.2p1-gsskex.patch
+++ b/openssh-7.2p1-gsskex.patch
@@ -3002,3 +3002,17 @@ index e2ca8a1..6c5ac3f 100644
 +
  #endif /* ! _PORT_LINUX_H */
 
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3e6f982..4c2653f 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -213,6 +213,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_write
+ 	SC_ALLOW(write),
+ #endif
++#ifdef __NR_futex
++	SC_ALLOW(futex), /* for GSSAPI Kex */
++#endif
+ #ifdef __NR_socketcall
+ 	SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
+ #endif