mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-08 05:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

sys-apps/file: Sync with Gentoo

Browse Source 
It's from Gentoo commit 1a8e3a3717ff4d46c6c7b1d356ded751275c531d.
This commit is contained in:
Flatcar Buildbot 2023-10-23 07:14:49 +00:00 committed by Krzesimir Nowak
parent dbed59b744
commit e86224aecc
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.45-r1.ebuild → sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.45-r3.ebuild vendored
View File

@ -60,7 +60,7 @@ QA_CONFIG_IMPL_DECL_SKIP=( makedev )
PATCHES=( PATCHES=(
"${FILESDIR}/file-5.43-seccomp-fstatat64-musl.patch" #789336, not upstream yet "${FILESDIR}/file-5.43-seccomp-fstatat64-musl.patch" #789336, not upstream yet
"${FILESDIR}/file-5.43-portage-sandbox.patch" #889046 "${FILESDIR}/file-5.45-seccomp-sandbox.patch"
"${FILESDIR}/${P}-32-bit-time_t.patch" "${FILESDIR}/${P}-32-bit-time_t.patch"
"${FILESDIR}/${P}-32-bit-time_t-deux.patch" "${FILESDIR}/${P}-32-bit-time_t-deux.patch"
"${FILESDIR}/${P}-weak-magic-shell.patch" #908401 "${FILESDIR}/${P}-weak-magic-shell.patch" #908401

56
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.45-seccomp-sandbox.patch vendored Normal file
View File

@ -0,0 +1,56 @@
From b05f904dc5df267f90c6489817a379cb7f7f62ee Mon Sep 17 00:00:00 2001
From: Mike Gilbert <floppym@gentoo.org>
Date: Thu, 19 Oct 2023 13:58:20 -0400
Subject: [PATCH] seccomp: allow syscalls used by Gentoo's LD_PRELOAD sandbox
Bug: https://bugs.gentoo.org/728978
Bug: https://bugs.gentoo.org/889046
Bug: https://bugs.gentoo.org/915890
---
src/seccomp.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/seccomp.c b/src/seccomp.c
index 87d4c49e..f1804660 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -174,6 +174,9 @@ enable_sandbox_full(void)
ALLOW_RULE(exit_group);
#ifdef __NR_faccessat
ALLOW_RULE(faccessat);
+#endif
+#ifdef __NR_faccessat2
+ ALLOW_RULE(faccessat2);
#endif
ALLOW_RULE(fcntl);
ALLOW_RULE(fcntl64);
@@ -185,9 +188,26 @@ enable_sandbox_full(void)
ALLOW_RULE(fstatat64);
#endif
ALLOW_RULE(futex);
+ ALLOW_RULE(getcwd);
ALLOW_RULE(getdents);
#ifdef __NR_getdents64
ALLOW_RULE(getdents64);
+#endif
+ ALLOW_RULE(getegid);
+#ifdef __NR_getegid32
+ ALLOW_RULE(getegid32);
+#endif
+ ALLOW_RULE(geteuid);
+#ifdef __NR_geteuid32
+ ALLOW_RULE(geteuid32);
+#endif
+ ALLOW_RULE(getgid);
+#ifdef __NR_getgid32
+ ALLOW_RULE(getgid32);
+#endif
+ ALLOW_RULE(getuid);
+#ifdef __NR_getuid32
+ ALLOW_RULE(getuid32);
#endif
#ifdef FIONREAD
// called in src/compress.c under sread
--
2.42.0