diff options
| author |   Mike Gilbert <floppym@gentoo.org> | 2021-04-23 15:10:09 -0400 |
|---|---|---|
| committer | Mike Gilbert <floppym@gentoo.org> | 2021-04-23 15:10:09 -0400 |
| commit | 0813d843cb2a43c748fdf6c9d5ac6dc882104dcf (patch) | |
| tree | b61814f302c8dbf612616a2e08fa5a97ded8d14b /sys-apps | |
| parent | media-libs/tg_owt: drop old (diff) | |
| download | gentoo-0813d843cb2a43c748fdf6c9d5ac6dc882104dcf.tar.gz gentoo-0813d843cb2a43c748fdf6c9d5ac6dc882104dcf.tar.bz2 gentoo-0813d843cb2a43c748fdf6c9d5ac6dc882104dcf.zip | |
sys-apps/file: allow faccessat and fstatat64 syscalls
Closes: https://bugs.gentoo.org/784857
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'sys-apps')
| -rw-r--r-- | sys-apps/file/file-5.40-r2.ebuild (renamed from sys-apps/file/file-5.40-r1.ebuild) | 2 | ||||
| -rw-r--r-- | sys-apps/file/files/file-5.40-seccomp-faccessat.patch | 34 | ||||
| -rw-r--r-- | sys-apps/file/files/file-5.40-seccomp-fstatat64.patch | 29 |
3 files changed, 65 insertions, 0 deletions
diff --git a/sys-apps/file/file-5.40-r1.ebuild b/sys-apps/file/file-5.40-r2.ebuild index a901c2a40033..f46a59bccfae 100644 --- a/sys-apps/file/file-5.40-r1.ebuild +++ b/sys-apps/file/file-5.40-r2.ebuild @@ -39,6 +39,8 @@ RDEPEND="${DEPEND} PATCHES=( "${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978 "${FILESDIR}/file-5.40-xz_magic.patch" #784773 + "${FILESDIR}/file-5.40-seccomp-faccessat.patch" + "${FILESDIR}/file-5.40-seccomp-fstatat64.patch" #784857 ) src_prepare() { diff --git a/sys-apps/file/files/file-5.40-seccomp-faccessat.patch b/sys-apps/file/files/file-5.40-seccomp-faccessat.patch new file mode 100644 index 000000000000..4aeb88cfe875 --- /dev/null +++ b/sys-apps/file/files/file-5.40-seccomp-faccessat.patch @@ -0,0 +1,34 @@ +From abcd583135bb0762e6bfd0f2e06c50bea1fb3cd0 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas <christos@zoulas.com> +Date: Tue, 6 Apr 2021 22:02:17 +0000 +Subject: [PATCH] On ARM64 Linux access() syscall is no longer a real syscall + to the kernel. Instead it's emulated by glibc with a new faccessat() syscall. + (Icenowy Zheng) + +--- + src/seccomp.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/seccomp.c b/src/seccomp.c +index 0da907ff7..81842cf5c 100644 +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -27,7 +27,7 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: seccomp.c,v 1.18 2021/03/14 17:01:58 christos Exp $") ++FILE_RCSID("@(#)$File: seccomp.c,v 1.19 2021/04/06 22:02:17 christos Exp $") + #endif /* lint */ + + #if HAVE_LIBSECCOMP +@@ -171,6 +171,9 @@ enable_sandbox_full(void) + ALLOW_RULE(dup2); + ALLOW_RULE(exit); + ALLOW_RULE(exit_group); ++#ifdef __NR_faccessat ++ ALLOW_RULE(faccessat); ++#endif + ALLOW_RULE(fcntl); + ALLOW_RULE(fcntl64); + ALLOW_RULE(fstat); diff --git a/sys-apps/file/files/file-5.40-seccomp-fstatat64.patch b/sys-apps/file/files/file-5.40-seccomp-fstatat64.patch new file mode 100644 index 000000000000..57d04e5f40cf --- /dev/null +++ b/sys-apps/file/files/file-5.40-seccomp-fstatat64.patch @@ -0,0 +1,29 @@ +From e3d0265a147878b6c2903bcc83b9842dff68ceb4 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Fri, 23 Apr 2021 15:00:42 -0400 +Subject: [PATCH] seccomp: allow fstatat64 + +This is needed for the libsandbox LD_PRELOAD wrapper on Gentoo Linux. + +Bug: https://bugs.gentoo.org/784857 +--- + src/seccomp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/seccomp.c b/src/seccomp.c +index 81842cf5..43abc684 100644 +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -178,6 +178,9 @@ enable_sandbox_full(void) + ALLOW_RULE(fcntl64); + ALLOW_RULE(fstat); + ALLOW_RULE(fstat64); ++#ifdef __NR_fstatat64 ++ ALLOW_RULE(fstatat64); ++#endif + ALLOW_RULE(futex); + ALLOW_RULE(getdents); + #ifdef __NR_getdents64 +-- +2.31.1 + |