kiss-community/repo
2
0
Fork 1
mirror of https://codeberg.org/kiss-community/repo synced 2024-07-02 14:02:27 +00:00
Code Issues Wiki

firefox: cleanup musl-sandbox.patch

Browse Source
This commit is contained in:
git-bruh 2024-05-28 00:53:04 +05:30
parent f74c19ade9
commit c67e6e9843
No known key found for this signature in database
2 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
extra/firefox/checksums
View File

@ -2,7 +2,7 @@
6484da1d65744d0867ba3fb5e008bd32a1c17d9234a05225206f334f6f46909526
3e4e722acd2ab2e38a16ec23b29296318d77cc54f034d4b21d91bde085e26bc0a3
49e95cf848c09df618587bb8286bed3ed9531e24554b9ef275f070201078dba7f5
1d235adaadc4c41092128986f7f4b239d00dc4a0f4377f7aa73d11e097ce8d4117
9207f7b9aaaeaa7e55b07e8a723f34413f7436404a2c161751e92bf785dffdaa90
8c0f419eb138061e67dbe2ac73e9c8332649fb90aacb57ac4f00d5de94c0cf23a8
f65906c4942c676d93d12a5dfd4061e5a14981514ac58ee8d1a67e6724bcaf230a
1cace7c18c7d80b4abe8665d5ec2c66a0f3c1807ff3f7c8311b925f8ed635037f0

36
extra/firefox/patches/musl-sandbox.patch
View File

@ -1,22 +1,25 @@
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index a3b70e7..e5e604f 100644
make SYS_fork non-fatal, musl uses it for fork(2)
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -1595,6 +1595,11 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
@@ -1253,6 +1253,10 @@
// usually do something reasonable on error.
case __NR_clone:
return ClonePolicy(Error(EPERM));
+# ifdef __NR_fork
+#ifdef __NR_fork
+ case __NR_fork:
+ return Error(ENOSYS);
+# endif
+
+#endif
# ifdef __NR_fadvise64
case __NR_fadvise64:
return Allow();
@@ -1736,10 +1741,10 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
return Allow();
case __NR_sched_get_priority_min:
upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1657849
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index ed958bc..9824433 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -1751,6 +1751,6 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
case __NR_sched_get_priority_max:
+ case __NR_sched_setscheduler:
return Allow();
@ -25,5 +28,14 @@ index a3b70e7..e5e604f 100644
- case __NR_sched_setscheduler: {
+ case __NR_sched_getscheduler: {
Arg<pid_t> pid(0);
return If(pid == 0, Allow()).Else(Trap(SchedTrap, nullptr));
@@ -1926,3 +1926,2 @@ class RDDSandboxPolicy final : public SandboxPolicyCommon {
case __NR_sched_getscheduler:
- case __NR_sched_setscheduler:
case __NR_sched_getattr:
@@ -1932,2 +1931,5 @@ class RDDSandboxPolicy final : public SandboxPolicyCommon {
}
+ // sched_setscheduler gets special treatment here (bug 1657849):
+ case __NR_sched_setscheduler:
+ return Allow();