blob: aaf6b563aa76e47245a7c3f3f1a091ed5a671330 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
--- a/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc.orig 2015-09-23 09:10:08.812740571 +0200
+++ b/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc 2015-09-23 09:11:38.404746155 +0200
@@ -23,6 +23,11 @@
#include "sandbox/linux/services/android_ucontext.h"
#endif
+// musl libc defines siginfo_t __si_fields instead of _sifields
+#if defined(OS_LINUX) && !defined(__GLIBC__)
+#define _sifields __si_fields
+#endif
+
namespace {
struct arch_sigsys {
--- firefox-54.0.1/security/sandbox/linux/SandboxFilter.cpp.orig 2017-07-11 07:51:56.342122784 +0000
+++ firefox-54.0.1/security/sandbox/linux/SandboxFilter.cpp 2017-07-11 08:05:27.553930300 +0000
@@ -134,6 +134,7 @@
.Case(flags_common | CLONE_DETACHED, Allow()) // <= JB 4.2
.Case(flags_common, Allow()) // JB 4.3 or KK 4.4
#endif
+ .Case(flags_modern | CLONE_DETACHED, Allow()) // musl
.Case(flags_modern, Allow()) // Android L or glibc
.Default(failPolicy);
}
@@ -241,6 +242,9 @@
// Polyfill with tgkill; see above.
case __NR_tkill:
return Trap(TKillCompatTrap, nullptr);
+#elseif !defined(__GLIBC__)
+ case __NR_tkill:
+ return Allow();
#endif
// Yield
--- firefox-54.0.1/security/sandbox/linux/SandboxFilterUtil.h.orig 2017-07-11 08:05:38.380798447 +0000
+++ firefox-54.0.1/security/sandbox/linux/SandboxFilterUtil.h 2017-07-11 08:06:20.274911403 +0000
@@ -118,7 +118,7 @@
#define CASES_FOR_fstatfs case __NR_fstatfs
#define CASES_FOR_statfs case __NR_statfs
#define CASES_FOR_fcntl case __NR_fcntl
-#define CASES_FOR_getdents case __NR_getdents
+#define CASES_FOR_getdents case __NR_getdents64: case __NR_getdents
#define CASES_FOR_lseek case __NR_lseek
#define CASES_FOR_ftruncate case __NR_ftruncate
#endif
|
