commit: 1a8e3a3717ff4d46c6c7b1d356ded751275c531d Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Thu Oct 19 19:05:58 2023 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Thu Oct 19 19:05:58 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a8e3a37
sys-apps/file: seccomp: also allow geteuid and getegid Bug: https://bugs.gentoo.org/915890 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> .../file/{file-5.45-r2.ebuild => file-5.45-r3.ebuild} | 0 sys-apps/file/files/file-5.45-seccomp-sandbox.patch | 18 +++++++++++++----- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/sys-apps/file/file-5.45-r2.ebuild b/sys-apps/file/file-5.45-r3.ebuild similarity index 100% rename from sys-apps/file/file-5.45-r2.ebuild rename to sys-apps/file/file-5.45-r3.ebuild diff --git a/sys-apps/file/files/file-5.45-seccomp-sandbox.patch b/sys-apps/file/files/file-5.45-seccomp-sandbox.patch index 4ae62b5aa947..d5f499d395f5 100644 --- a/sys-apps/file/files/file-5.45-seccomp-sandbox.patch +++ b/sys-apps/file/files/file-5.45-seccomp-sandbox.patch @@ -1,4 +1,4 @@ -From 056d8aa6e0a743ff743c60a1fca67126f3dce0b6 Mon Sep 17 00:00:00 2001 +From b05f904dc5df267f90c6489817a379cb7f7f62ee Mon Sep 17 00:00:00 2001 From: Mike Gilbert <flop...@gentoo.org> Date: Thu, 19 Oct 2023 13:58:20 -0400 Subject: [PATCH] seccomp: allow syscalls used by Gentoo's LD_PRELOAD sandbox @@ -7,11 +7,11 @@ Bug: https://bugs.gentoo.org/728978 Bug: https://bugs.gentoo.org/889046 Bug: https://bugs.gentoo.org/915890 --- - src/seccomp.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) + src/seccomp.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) diff --git a/src/seccomp.c b/src/seccomp.c -index 87d4c49e..31954ff4 100644 +index 87d4c49e..f1804660 100644 --- a/src/seccomp.c +++ b/src/seccomp.c @@ -174,6 +174,9 @@ enable_sandbox_full(void) @@ -24,7 +24,7 @@ index 87d4c49e..31954ff4 100644 #endif ALLOW_RULE(fcntl); ALLOW_RULE(fcntl64); -@@ -185,9 +188,18 @@ enable_sandbox_full(void) +@@ -185,9 +188,26 @@ enable_sandbox_full(void) ALLOW_RULE(fstatat64); #endif ALLOW_RULE(futex); 
@@ -33,6 +33,14 @@ index 87d4c49e..31954ff4 100644 #ifdef __NR_getdents64 ALLOW_RULE(getdents64); +#endif ++ ALLOW_RULE(getegid); ++#ifdef __NR_getegid32 ++ ALLOW_RULE(getegid32); ++#endif ++ ALLOW_RULE(geteuid); ++#ifdef __NR_geteuid32 ++ ALLOW_RULE(geteuid32); ++#endif + ALLOW_RULE(getgid); +#ifdef __NR_getgid32 + ALLOW_RULE(getgid32);
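Review bot: The `getegid`, `getegid32`, `geteuid` and `geteuid32` rules added to the `enable_sandbox_full()` allowlist carry no comment saying why a file-type detector needs them. The only rationale is in the patch subject and the bug link, which are lost once the patch is applied to `src/seccomp.c`. I would put a comment above the first new rule, for example `/* getegid/geteuid: issued by Gentoo's LD_PRELOAD sandbox, not by file itself (bug 915890) */`, so a later rebase or allowlist audit can separate the distro-specific entries from upstream's. The comment should also record that these rules apply to every run of `file`, not only runs under the LD_PRELOAD sandbox; both calls take no arguments and only report the caller's own IDs, so the widening looks small. The `#ifdef __NR_*32` guards follow the `getgid`/`getgid32` pattern visible in the context lines; the rest of `enable_sandbox_full()` lies outside this hunk.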