repo/extra/firefox/patches/musl-sandbox.patch

make SYS_fork non-fatal, musl uses it for fork(2)

--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -1253,6 +1253,10 @@
         // usually do something reasonable on error.
       case __NR_clone:
         return ClonePolicy(Error(EPERM));
+#ifdef __NR_fork
+      case __NR_fork:
+        return Error(ENOSYS);
+#endif
 
 #  ifdef __NR_fadvise64
       case __NR_fadvise64:

upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1657849
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index ed958bc..9824433 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -1751,6 +1751,6 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
       case __NR_sched_get_priority_max:
+      case __NR_sched_setscheduler:
         return Allow();
       case __NR_sched_getparam:
-      case __NR_sched_getscheduler:
-      case __NR_sched_setscheduler: {
+      case __NR_sched_getscheduler: {
         Arg<pid_t> pid(0);
@@ -1926,3 +1926,2 @@ class RDDSandboxPolicy final : public SandboxPolicyCommon {
       case __NR_sched_getscheduler:
-      case __NR_sched_setscheduler:
       case __NR_sched_getattr:
@@ -1932,2 +1931,5 @@ class RDDSandboxPolicy final : public SandboxPolicyCommon {
       }
+      // sched_setscheduler gets special treatment here (bug 1657849):
+      case __NR_sched_setscheduler:
+        return Allow();
firefox: cleanup musl-sandbox.patch 2024-05-27 19:23:04 +00:00			`make SYS_fork non-fatal, musl uses it for fork(2)`

firefox: 108.0 2022-12-12 19:01:56 +00:00			`--- a/security/sandbox/linux/SandboxFilter.cpp`
			`+++ b/security/sandbox/linux/SandboxFilter.cpp`
firefox: cleanup musl-sandbox.patch 2024-05-27 19:23:04 +00:00			`@@ -1253,6 +1253,10 @@`
			`// usually do something reasonable on error.`
firefox: 126.0 2024-05-13 18:17:21 +00:00			`case __NR_clone:`
			`return ClonePolicy(Error(EPERM));`
firefox: cleanup musl-sandbox.patch 2024-05-27 19:23:04 +00:00			`+#ifdef __NR_fork`
firefox: 108.0 2022-12-12 19:01:56 +00:00			`+ case __NR_fork:`
			`+ return Error(ENOSYS);`
firefox: cleanup musl-sandbox.patch 2024-05-27 19:23:04 +00:00			`+#endif`

firefox: 108.0 2022-12-12 19:01:56 +00:00			`# ifdef __NR_fadvise64`
			`case __NR_fadvise64:`
firefox: cleanup musl-sandbox.patch 2024-05-27 19:23:04 +00:00
			`upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1657849`
			`diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp`
			`index ed958bc..9824433 100644`
			`--- a/security/sandbox/linux/SandboxFilter.cpp`
			`+++ b/security/sandbox/linux/SandboxFilter.cpp`
			`@@ -1751,6 +1751,6 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {`
firefox: 108.0 2022-12-12 19:01:56 +00:00			`case __NR_sched_get_priority_max:`
			`+ case __NR_sched_setscheduler:`
			`return Allow();`
			`case __NR_sched_getparam:`
			`- case __NR_sched_getscheduler:`
			`- case __NR_sched_setscheduler: {`
			`+ case __NR_sched_getscheduler: {`
			`Arg<pid_t> pid(0);`
firefox: cleanup musl-sandbox.patch 2024-05-27 19:23:04 +00:00			`@@ -1926,3 +1926,2 @@ class RDDSandboxPolicy final : public SandboxPolicyCommon {`
			`case __NR_sched_getscheduler:`
			`- case __NR_sched_setscheduler:`
			`case __NR_sched_getattr:`
			`@@ -1932,2 +1931,5 @@ class RDDSandboxPolicy final : public SandboxPolicyCommon {`
firefox: 108.0 2022-12-12 19:01:56 +00:00			`}`
firefox: cleanup musl-sandbox.patch 2024-05-27 19:23:04 +00:00			`+ // sched_setscheduler gets special treatment here (bug 1657849):`
			`+ case __NR_sched_setscheduler:`
			`+ return Allow();`