diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2020-08-07 12:52:06 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2020-08-07 16:03:18 +0000 |
commit | 52b080010796c7c54ab8f56fc1c50ad4c88b6d3c (patch) | |
tree | dbbc45a6d15ec4d710ba71cc001b37a648273ccf | |
parent | 51fe858afa94692757f29e016cbfff133f5849cf (diff) |
community/firefox: fix sandbox error
ref #11822
-rw-r--r-- | community/firefox/APKBUILD | 4 | ||||
-rw-r--r-- | community/firefox/sandbox-sched_setscheduler.patch | 23 |
2 files changed, 26 insertions, 1 deletions
diff --git a/community/firefox/APKBUILD b/community/firefox/APKBUILD index 43d59ef8051..f6980b124f3 100644 --- a/community/firefox/APKBUILD +++ b/community/firefox/APKBUILD @@ -5,7 +5,7 @@ pkgname=firefox pkgver=79.0 # Date of release, YY-MM-DD for metainfo file (see package()) _releasedate=2020-07-27 -pkgrel=0 +pkgrel=1 pkgdesc="Firefox web browser" url="https://www.firefox.com/" # Limited on: @@ -75,6 +75,7 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg remove-faulty-libvpx-check.patch disable-neon-in-aom.patch sandbox-fork.patch + sandbox-sched_setscheduler.patch firefox-pipewire-0-3.patch avoid-redefinition.patch @@ -345,6 +346,7 @@ f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f bb75b2abda86e455d81571052a2cfec5a9d858ffa91c50a7217b4b6c02cbfc0400e9114a27bd54ce78d7d3a44e9b03927cf0317654d98c0f39d26c63c9670117 remove-faulty-libvpx-check.patch f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d disable-neon-in-aom.patch 4911ddb41bef8d9f6d6200159cde465627e940fe1c09099be55769d21a5a52a3f737e1bf803daa96126c035b091aea880fbc5d2e6cf5da96ddd17322461a72d6 sandbox-fork.patch +db26757b2ebf9f567962e32294b4ae48b3a5d0378a7589dfe650fe3a179ff58befbab5082981c68e1c25fb9e56b2db1e4e510d4bca17c3e3aedbf9a2f21806eb sandbox-sched_setscheduler.patch 5927f4f6fa9e6a208bed1f37e2c2f2e9633d280a7cb2baa0c74567107ba30524b7ccbbea5961a34eb7a3c39ec07c5a11ef5e2bb5dd5ca884441f9e868c056503 firefox-pipewire-0-3.patch 360c687f45bfc13812f0dc4e42afafe410c801d8df7a73ec947cb110677ea51087ed123d36b3d1e959eb438f77c44d9a90b503dd611a962453a55d93938f7016 avoid-redefinition.patch b8437c0d8c48b99f5a528d782340c6bb61509c444da8b3414acc3cb3359e547bf20f1cc3086881fb03c9db5bb3fb604bb900b3f9938bbc9bc3ddde9a679eaae2 fix-rustc-1.45-build.patch" diff --git a/community/firefox/sandbox-sched_setscheduler.patch b/community/firefox/sandbox-sched_setscheduler.patch new file mode 100644 index 00000000000..1db645aebbd --- /dev/null +++ b/community/firefox/sandbox-sched_setscheduler.patch @@ -0,0 +1,23 @@ +upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1657849 +diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp +index 27da4e7..5a607a4 100644 +--- a/security/sandbox/linux/SandboxFilter.cpp ++++ b/security/sandbox/linux/SandboxFilter.cpp +@@ -1455,6 +1455,7 @@ class GMPSandboxPolicy : public SandboxPolicyCommon { + return Trap(OpenTrap, mFiles); + + case __NR_brk: ++ case __NR_sched_setscheduler: + // Because Firefox on glibc resorts to the fallback implementation + // mentioned in bug 1576006, we must explicitly allow the get*id() + // functions in order to use NSS in the clearkey CDM. +@@ -1467,8 +1468,7 @@ class GMPSandboxPolicy : public SandboxPolicyCommon { + case __NR_sched_get_priority_max: + return Allow(); + case __NR_sched_getparam: +- case __NR_sched_getscheduler: +- case __NR_sched_setscheduler: { ++ case __NR_sched_getscheduler: { + Arg<pid_t> pid(0); + return If(pid == 0, Allow()).Else(Trap(SchedTrap, nullptr)); + } |