1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
Backport of https://hg.mozilla.org/mozilla-central/rev/a0be746532f437055e4190cc8db802ad1239405e
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -419,16 +419,20 @@ class SandboxPolicyCommon : public Sandb
case __NR_faccessat:
return Trap(AccessAtTrap, mBroker);
CASES_FOR_stat:
return Trap(StatTrap, mBroker);
CASES_FOR_lstat:
return Trap(LStatTrap, mBroker);
CASES_FOR_fstatat:
return Trap(StatAtTrap, mBroker);
+ // Used by new libc and Rust's stdlib, if available.
+ // We don't have broker support yet so claim it does not exist.
+ case __NR_statx:
+ return Error(ENOSYS);
case __NR_chmod:
return Trap(ChmodTrap, mBroker);
case __NR_link:
return Trap(LinkTrap, mBroker);
case __NR_mkdir:
return Trap(MkdirTrap, mBroker);
case __NR_symlink:
return Trap(SymlinkTrap, mBroker);
@@ -538,16 +542,20 @@ class SandboxPolicyCommon : public Sandb
.ElseIf(advice == MADV_HUGEPAGE, Allow())
.ElseIf(advice == MADV_NOHUGEPAGE, Allow())
#ifdef MOZ_ASAN
.ElseIf(advice == MADV_DONTDUMP, Allow())
#endif
.Else(InvalidSyscall());
}
+ // musl libc will set this up in pthreads support.
+ case __NR_membarrier:
+ return Allow();
+
// Signal handling
#if defined(ANDROID) || defined(MOZ_ASAN)
case __NR_sigaltstack:
#endif
CASES_FOR_sigreturn:
CASES_FOR_sigprocmask:
CASES_FOR_sigaction:
return Allow();
|
