diff options
author | V3n3RiX <venerix@koprulu.sector> | 2022-12-31 14:19:51 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2022-12-31 14:19:51 +0000 |
commit | ea5bad4d0ba1eb937df22adb7f6cc57ea77f03d8 (patch) | |
tree | 444d798059985f0e993cb7582231243cd4c5d083 /sys-apps/file/files | |
parent | 6989a301768c924a6014fdce19b28de541ad557a (diff) |
gentoo auto-resync : 31:12:2022 - 14:19:51
Diffstat (limited to 'sys-apps/file/files')
-rw-r--r-- | sys-apps/file/files/file-5.43-portage-sandbox.patch | 28 | ||||
-rw-r--r-- | sys-apps/file/files/file-5.43-seccomp-fstatat64-musl.patch | 22 | ||||
-rw-r--r-- | sys-apps/file/files/file-5.44-seccomp-utimes.patch | 18 |
3 files changed, 68 insertions, 0 deletions
diff --git a/sys-apps/file/files/file-5.43-portage-sandbox.patch b/sys-apps/file/files/file-5.43-portage-sandbox.patch new file mode 100644 index 000000000000..f9e715cc366f --- /dev/null +++ b/sys-apps/file/files/file-5.43-portage-sandbox.patch @@ -0,0 +1,28 @@ +Allow syscalls for Gentoo's portage sandbox + +- Add getcwd (bug #728978) +- Add faccessat2 (bug #889046) + +Bug: https://bugs.gentoo.org/728978 +Bug: https://bugs.gentoo.org/889046 +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -174,6 +174,9 @@ enable_sandbox_full(void) + ALLOW_RULE(exit_group); + #ifdef __NR_faccessat + ALLOW_RULE(faccessat); ++#endif ++#ifdef __NR_faccessat2 ++ ALLOW_RULE(faccessat2); + #endif + ALLOW_RULE(fcntl); + ALLOW_RULE(fcntl64); +@@ -237,6 +240,8 @@ enable_sandbox_full(void) + ALLOW_RULE(write); + ALLOW_RULE(writev); + ++ // needed by Gentoo's portage sandbox ++ ALLOW_RULE(getcwd); + + #if 0 + // needed by valgrind diff --git a/sys-apps/file/files/file-5.43-seccomp-fstatat64-musl.patch b/sys-apps/file/files/file-5.43-seccomp-fstatat64-musl.patch new file mode 100644 index 000000000000..a039882ac8d7 --- /dev/null +++ b/sys-apps/file/files/file-5.43-seccomp-fstatat64-musl.patch @@ -0,0 +1,22 @@ +From 8c13923a8e17a02be0989649b2edc20124816729 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Tue, 15 Jun 2021 16:08:22 -0400 +Subject: [PATCH] seccomp: undef fstatat64 to avoid build failure on musl + +sys/stat.h in musl does this: + + #define fstatat64 fstatat + +Counteract this with an #undef. + +Bug: https://bugs.gentoo.org/789336 +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -182,6 +182,7 @@ enable_sandbox_full(void) + #endif + ALLOW_RULE(fstat64); + #ifdef __NR_fstatat64 ++#undef fstatat64 + ALLOW_RULE(fstatat64); + #endif + ALLOW_RULE(futex); diff --git a/sys-apps/file/files/file-5.44-seccomp-utimes.patch b/sys-apps/file/files/file-5.44-seccomp-utimes.patch new file mode 100644 index 000000000000..49f1c2e4b739 --- /dev/null +++ b/sys-apps/file/files/file-5.44-seccomp-utimes.patch @@ -0,0 +1,18 @@ +https://github.com/file/file/commit/1590a653b520123d47070a47436abfba42d4c943 + +From 1590a653b520123d47070a47436abfba42d4c943 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas <christos@zoulas.com> +Date: Mon, 26 Dec 2022 18:57:29 +0000 +Subject: [PATCH] PR/408: SpraxDev: Add utimes to the allow list for -p + +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -233,6 +233,7 @@ enable_sandbox_full(void) + ALLOW_RULE(umask); // Used in file_pipe2file() + ALLOW_RULE(getpid); // Used by glibc in file_pipe2file() + ALLOW_RULE(unlink); ++ ALLOW_RULE(utimes); + ALLOW_RULE(write); + ALLOW_RULE(writev); + + |