From 12232c95aa083ff2f7b4d8eb85f8e921775b6402 Mon Sep 17 00:00:00 2001
From: Max Rees
Date: Sun, 19 Apr 2020 00:42:37 -0500
Subject: user/firefox-esr: allow membarrier(2) in content process sandbox (#261)
---
user/firefox-esr/seccomp-membarrier.patch | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 user/firefox-esr/seccomp-membarrier.patch
(limited to 'user/firefox-esr/seccomp-membarrier.patch')
diff --git a/user/firefox-esr/seccomp-membarrier.patch b/user/firefox-esr/seccomp-membarrier.patch
new file mode 100644
index 000000000..be1744113
--- /dev/null
+++ b/user/firefox-esr/seccomp-membarrier.patch
@@ -0,0 +1,12 @@
+musl ldso issues a membarrier when setting up TLS
+
+--- firefox-68.7.0/security/sandbox/linux/SandboxFilter.cpp 2020-04-03 19:30:03.000000000 +0000
++++ firefox-68.7.0/security/sandbox/linux/SandboxFilter.cpp 2020-04-19 04:59:30.280000000 +0000
+@@ -529,6 +529,7 @@ class SandboxPolicyCommon : public Sandb
+
+ // ipc::Shmem; also, glibc when creating threads:
+ case __NR_mprotect:
++ case __NR_membarrier:
+ return Allow();
+
+ // madvise hints used by malloc; see bug 1303813 and bug 1364533
--
cgit v1.2.3-60-g2f50
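Review bot: The added `case __NR_membarrier:` shares the unconditional `return Allow();` with mprotect, so the content-process seccomp policy admits every membarrier command, not only the ones musl's loader issues. It also sits under the comment `// ipc::Shmem; also, glibc when creating threads:`, which describes mprotect and gives no reason for membarrier. Give it its own case and carry the rationale from the patch header into the source, e.g. `// musl ldso issues membarrier(2) when setting up TLS`, so the reason survives a rebase onto a newer Firefox. If the policy can match on the first argument (the madvise case that follows appears to restrict its hints, but that code is outside the hunk), consider allowing only the private-expedited commands musl appears to use, after confirming the exact set against the shipped musl, and returning the policy's usual error for the rest. The enclosing switch begins and ends outside the hunk.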