Diffstat (limited to 'community/chromium/musl-sandbox.patch')
-rw-r--r-- | community/chromium/musl-sandbox.patch | 48 |
1 files changed, 32 insertions, 16 deletions
diff --git a/community/chromium/musl-sandbox.patch b/community/chromium/musl-sandbox.patch index fbb97b9cca1..52c3b210503 100644 --- a/community/chromium/musl-sandbox.patch +++ b/community/chromium/musl-sandbox.patch @@ -1,3 +1,6 @@ +musl uses different syscalls from glibc for some functions, so the sandbox has +to account for that +-- diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ./sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc index ff5a1c0..da56b9b 100644 --- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc @@ -78,7 +81,7 @@ index d9d1882..0567557 100644 diff --git a/sandbox/linux/system_headers/linux_syscalls.h ./sandbox/linux/system_headers/linux_syscalls.h index 2b78a0c..b6fedb5 100644 --- a/sandbox/linux/system_headers/linux_syscalls.h -+++ ./sandbox/linux/system_headers/linux_syscalls.h ++++ b/sandbox/linux/system_headers/linux_syscalls.h @@ -10,6 +10,7 @@ #define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_ @@ -87,22 +90,35 @@ index 2b78a0c..b6fedb5 100644 #if defined(__x86_64__) #include "sandbox/linux/system_headers/x86_64_linux_syscalls.h" -diff --git a/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc ./services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc -index a85c0ea..715aa1e 100644 
--- a/sandbox/policy/linux/bpf_renderer_policy_linux.cc -+++ ./sandbox/policy/linux/bpf_renderer_policy_linux.cc -@@ -93,11 +93,11 @@ ++++ b/sandbox/policy/linux/bpf_renderer_policy_linux.cc +@@ -94,6 +94,9 @@ + case __NR_pwrite64: + case __NR_sched_get_priority_max: + case __NR_sched_get_priority_min: ++ case __NR_sched_getparam: ++ case __NR_sched_getscheduler: ++ case __NR_sched_setscheduler: case __NR_sysinfo: case __NR_times: case __NR_uname: -- return Allow(); -- case __NR_sched_getaffinity: - case __NR_sched_getparam: - case __NR_sched_getscheduler: - case __NR_sched_setscheduler: -+ return Allow(); -+ case __NR_sched_getaffinity: - return RestrictSchedTarget(GetPolicyPid(), sysno); - case __NR_prlimit64: - // See crbug.com/662450 and setrlimit comment above. - +--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +@@ -225,10 +225,15 @@ + if (sysno == __NR_getpriority || sysno ==__NR_setpriority) + return RestrictGetSetpriority(current_pid); + ++ // XXX: hacks for musl sandbox, calls needed? ++ if (sysno == __NR_sched_getparam || sysno == __NR_sched_getscheduler || ++ sysno == __NR_sched_setscheduler) { ++ return Allow(); ++ } ++ + // The scheduling syscalls are used in threading libraries and also heavily in + // abseil. See for example https://crbug.com/1370394. +- if (sysno == __NR_sched_getaffinity || sysno == __NR_sched_getparam || +- sysno == __NR_sched_getscheduler || sysno == __NR_sched_setscheduler) { ++ if (sysno == __NR_sched_getaffinity) { + return RestrictSchedTarget(current_pid, sysno); + } + |
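Review bot: The new block in baseline_policy.cc returns `Allow()` for `__NR_sched_getparam`, `__NR_sched_getscheduler` and `__NR_sched_setscheduler` ahead of the `RestrictSchedTarget(current_pid, sysno)` branch, so the target-pid check now covers `__NR_sched_getaffinity` only; the bpf_renderer_policy_linux.cc part of the same hunk moves the same three cases into the `Allow()` group. Of the three, `sched_setscheduler` is the one that changes state, and with no argument filter the only remaining limit on which pid a sandboxed process may name is the kernel's own permission check. The `// XXX: hacks for musl sandbox, calls needed?` comment leaves the reason open; presumably musl passes a thread id that the filter rejects, which should be confirmed and recorded, e.g. `// musl passes the thread's tid to these calls (confirm), which RestrictSchedTarget rejects; allowing them drops the target-pid check.` If only the getters turn out to be needed, keep `__NR_sched_setscheduler` in the restricted branch next to `__NR_sched_getaffinity`. Both enclosing functions start and end outside the hunk.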