testing/firefox: improve seccomp, use pthread_setname_np

ref #7454

1 files changed, 31 insertions, 0 deletions

diff --git a/testing/firefox/fix-seccomp-bpf.patch b/testing/firefox/fix-seccomp-bpf.patch
index 47cde56c74..aaf6b563aa 100644
--- a/testing/firefox/fix-seccomp-bpf.patch
+++ b/testing/firefox/fix-seccomp-bpf.patch
@@ -12,3 +12,34 @@
  namespace {
  
  struct arch_sigsys {
+--- firefox-54.0.1/security/sandbox/linux/SandboxFilter.cpp.orig	2017-07-11 07:51:56.342122784 +0000
++++ firefox-54.0.1/security/sandbox/linux/SandboxFilter.cpp	2017-07-11 08:05:27.553930300 +0000
+@@ -134,6 +134,7 @@
+       .Case(flags_common | CLONE_DETACHED, Allow()) // <= JB 4.2
+       .Case(flags_common, Allow()) // JB 4.3 or KK 4.4
+ #endif
++      .Case(flags_modern | CLONE_DETACHED, Allow()) // musl
+       .Case(flags_modern, Allow()) // Android L or glibc
+       .Default(failPolicy);
+   }
+@@ -241,6 +242,9 @@
+       // Polyfill with tgkill; see above.
+     case __NR_tkill:
+       return Trap(TKillCompatTrap, nullptr);
++#elseif !defined(__GLIBC__)
++    case __NR_tkill:
++      return Allow();
+ #endif
+ 
+       // Yield
+--- firefox-54.0.1/security/sandbox/linux/SandboxFilterUtil.h.orig	2017-07-11 08:05:38.380798447 +0000
++++ firefox-54.0.1/security/sandbox/linux/SandboxFilterUtil.h	2017-07-11 08:06:20.274911403 +0000
+@@ -118,7 +118,7 @@
+ #define CASES_FOR_fstatfs   case __NR_fstatfs
+ #define CASES_FOR_statfs   case __NR_statfs
+ #define CASES_FOR_fcntl   case __NR_fcntl
+-#define CASES_FOR_getdents   case __NR_getdents
++#define CASES_FOR_getdents   case __NR_getdents64: case __NR_getdents
+ #define CASES_FOR_lseek   case __NR_lseek
+ #define CASES_FOR_ftruncate   case __NR_ftruncate
+ #endif