diff options
Diffstat (limited to 'sys-apps/man-db/files')
-rw-r--r-- | sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch new file mode 100644 index 000000000000..0da1b2c5b2b7 --- /dev/null +++ b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch @@ -0,0 +1,44 @@ +From 7315a9475d8fa37af49e9e7ed11e1534f23ef70b Mon Sep 17 00:00:00 2001 +From: "S. Gilles" <sgilles@umd.edu> +Date: Wed, 12 Aug 2020 16:40:07 -0400 +Subject: Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks + +libcs such as musl expect ENOSYS to be returned (not EPERM) in their +fallback code, so change the seccomp filter to be more agreeable to +them. + +At the same time, clock_gettime is permitted in the filter, so permit +clock_gettime64 as well -- it will be needed by 2038 in any case. + +* lib/sandbox.c (make_seccomp_filter): Set default action to +SCMP_ACT_ERRNO (ENOSYS). Allow clock_gettime64. +* NEWS: Document this. +--- + NEWS | 9 +++++++++ + lib/sandbox.c | 3 ++- + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/lib/sandbox.c b/lib/sandbox.c +index 21ec28aa..d934a0f9 100644 +--- a/lib/sandbox.c ++++ b/lib/sandbox.c +@@ -232,7 +232,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive) + ; + + debug ("initialising seccomp filter (permissive: %d)\n", permissive); +- ctx = seccomp_init (SCMP_ACT_ERRNO (EPERM)); ++ ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS)); + if (!ctx) + error (FATAL, errno, "can't initialise seccomp filter"); + +@@ -271,6 +271,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive) + /* systemd: SystemCallFilter=@default */ + SC_ALLOW ("clock_getres"); + SC_ALLOW ("clock_gettime"); ++ SC_ALLOW ("clock_gettime64"); + SC_ALLOW ("clock_nanosleep"); + SC_ALLOW ("execve"); + SC_ALLOW ("exit"); +-- +cgit v1.2.1 + |