diff options
Diffstat (limited to 'user/firefox-esr/seccomp-musl.patch')
| -rw-r--r-- | user/firefox-esr/seccomp-musl.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/user/firefox-esr/seccomp-musl.patch b/user/firefox-esr/seccomp-musl.patch new file mode 100644 index 000000000..edd4a3024 --- /dev/null +++ b/user/firefox-esr/seccomp-musl.patch @@ -0,0 +1,49 @@ +Backport of https://hg.mozilla.org/mozilla-central/rev/a0be746532f437055e4190cc8db802ad1239405e + +diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp +--- a/security/sandbox/linux/SandboxFilter.cpp ++++ b/security/sandbox/linux/SandboxFilter.cpp +@@ -419,16 +419,20 @@ class SandboxPolicyCommon : public Sandb + case __NR_faccessat: + return Trap(AccessAtTrap, mBroker); + CASES_FOR_stat: + return Trap(StatTrap, mBroker); + CASES_FOR_lstat: + return Trap(LStatTrap, mBroker); + CASES_FOR_fstatat: + return Trap(StatAtTrap, mBroker); ++ // Used by new libc and Rust's stdlib, if available. ++ // We don't have broker support yet so claim it does not exist. ++ case __NR_statx: ++ return Error(ENOSYS); + case __NR_chmod: + return Trap(ChmodTrap, mBroker); + case __NR_link: + return Trap(LinkTrap, mBroker); + case __NR_mkdir: + return Trap(MkdirTrap, mBroker); + case __NR_symlink: + return Trap(SymlinkTrap, mBroker); +@@ -538,16 +542,20 @@ class SandboxPolicyCommon : public Sandb + .ElseIf(advice == MADV_HUGEPAGE, Allow()) + .ElseIf(advice == MADV_NOHUGEPAGE, Allow()) + #ifdef MOZ_ASAN + .ElseIf(advice == MADV_DONTDUMP, Allow()) + #endif + .Else(InvalidSyscall()); + } + ++ // musl libc will set this up in pthreads support. ++ case __NR_membarrier: ++ return Allow(); ++ + // Signal handling + #if defined(ANDROID) || defined(MOZ_ASAN) + case __NR_sigaltstack: + #endif + CASES_FOR_sigreturn: + CASES_FOR_sigprocmask: + CASES_FOR_sigaction: + return Allow(); + + |