aboutsummaryrefslogtreecommitdiffstats
path: root/community/chromium/musl-sandbox.patch
diff options
context:
space:
mode:
Diffstat (limited to 'community/chromium/musl-sandbox.patch')
-rw-r--r--community/chromium/musl-sandbox.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/community/chromium/musl-sandbox.patch b/community/chromium/musl-sandbox.patch
index 4414670cba..5c4674f3c0 100644
--- a/community/chromium/musl-sandbox.patch
+++ b/community/chromium/musl-sandbox.patch
@@ -48,3 +48,23 @@
case __NR_msync:
case __NR_munlockall:
case __NR_readahead:
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+index 80f02c0..21fbe21 100644
+--- sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
++++ sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+@@ -373,6 +373,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
+ #if defined(__i386__)
+ case __NR_waitpid:
+ #endif
++ case __NR_set_tid_address:
+ return true;
+ case __NR_clone: // Should be parameter-restricted.
+ case __NR_setns: // Privileged.
+@@ -385,7 +386,6 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
+ #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
+ case __NR_set_thread_area:
+ #endif
+- case __NR_set_tid_address:
+ case __NR_unshare:
+ #if !defined(__mips__) && !defined(__aarch64__)
+ case __NR_vfork:
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 22:38:53 +0000