summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--extra/chromium/PKGBUILD11
-rw-r--r--extra/chromium/chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407.patch85
2 files changed, 96 insertions, 0 deletions
diff --git a/extra/chromium/PKGBUILD b/extra/chromium/PKGBUILD
index f0bf949b..12564c02 100644
--- a/extra/chromium/PKGBUILD
+++ b/extra/chromium/PKGBUILD
@@ -48,3 +48,14 @@ if [ "$CARCH" = 'i686' ]; then
'
)"
fi
+
+# for for 64-bit time functions in seccomp sanbox (thanks to schnitzeltony)
+# https://github.com/schnitzeltony/meta-browser/blob/master/recipes-browser/chromium/files/0003-Fix-sandbox-Aw-snap-for-syscalls-403-and-407.patch
+source+=('chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407.patch')
+sha256sums+=('4837f797a910795bf3161805a3302d5f3701573ca90da8af32b2f4aa62510d20')
+eval "$(
+ declare -f prepare | \
+ sed '
+ /patch.*skia.*/a patch -Np1 -i "$srcdir/chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407.patch"
+ '
+)"
diff --git a/extra/chromium/chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407.patch b/extra/chromium/chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407.patch
new file mode 100644
index 00000000..7766ad35
--- /dev/null
+++ b/extra/chromium/chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407.patch
@@ -0,0 +1,85 @@
+diff -rauN chromium-81.0.4044.122/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+--- chromium-81.0.4044.122/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2020-04-21 23:50:38.000000000 +0200
++++ chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2020-04-24 08:23:49.283333424 +0200
+@@ -148,7 +148,14 @@
+ return Allow();
+ #endif
+
+- if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
++ if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep
++#if defined(__NR_clock_gettime64)
++ || sysno == __NR_clock_gettime64
++#endif
++#if defined(__NR_clock_nanosleep_time64)
++ || sysno == __NR_clock_nanosleep_time64
++#endif
++ ) {
+ return RestrictClockID();
+ }
+
+diff -rauN chromium-81.0.4044.122/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+--- chromium-81.0.4044.122/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc 2020-04-21 23:50:02.000000000 +0200
++++ chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc 2020-04-24 08:29:04.760000078 +0200
+@@ -60,6 +60,12 @@
+ case __NR_clock_gettime:
+ case __NR_clock_getres:
+ case __NR_clock_nanosleep:
++#if defined(__NR_clock_nanosleep_time64)
++ case __NR_clock_nanosleep_time64:
++#endif
++#if defined(__NR_clock_gettime64)
++ case __NR_clock_gettime64:
++#endif
+ return RestrictClockID();
+ default:
+ return Allow();
+diff -rauN chromium-81.0.4044.122/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+--- chromium-81.0.4044.122/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc 2020-04-21 23:50:02.000000000 +0200
++++ chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc 2020-04-24 08:32:50.016666736 +0200
+@@ -39,6 +39,12 @@
+ // filtered by RestrictClokID().
+ case __NR_clock_gettime: // Parameters filtered by RestrictClockID().
+ case __NR_clock_nanosleep: // Parameters filtered by RestrictClockID().
++#if defined(__NR_clock_gettime64)
++ case __NR_clock_gettime64: // Parameters filtered by RestrictClockID().
++#endif
++#if defined(__NR_clock_nanosleep_time64)
++ case __NR_clock_nanosleep_time64: // Parameters filtered by RestrictClockID().
++#endif
+ case __NR_clock_settime: // Privileged.
+ #if defined(__i386__) || \
+ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
+diff -rauN chromium-81.0.4044.122/sandbox/linux/system_headers/arm_linux_syscalls.h chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/system_headers/arm_linux_syscalls.h
+--- chromium-81.0.4044.122/sandbox/linux/system_headers/arm_linux_syscalls.h 2020-04-21 23:50:02.000000000 +0200
++++ chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/system_headers/arm_linux_syscalls.h 2020-04-24 08:35:06.950000054 +0200
+@@ -1385,6 +1385,14 @@
+ #define __NR_memfd_create (__NR_SYSCALL_BASE+385)
+ #endif
+
++#if !defined(__NR_clock_gettime64)
++#define __NR_clock_gettime64 (__NR_SYSCALL_BASE+403)
++#endif
++
++#if !defined(__NR_clock_nanosleep_time64)
++#define __NR_clock_nanosleep_time64 (__NR_SYSCALL_BASE+407)
++#endif
++
+ // ARM private syscalls.
+ #if !defined(__ARM_NR_BASE)
+ #define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)
+diff -rauN chromium-81.0.4044.122/sandbox/linux/system_headers/mips_linux_syscalls.h chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/system_headers/mips_linux_syscalls.h
+--- chromium-81.0.4044.122/sandbox/linux/system_headers/mips_linux_syscalls.h 2020-04-21 23:50:02.000000000 +0200
++++ chromium-81.0.4044.122-Fix-sandbox-Aw-snap-for-syscalls-403-and-407-patch/sandbox/linux/system_headers/mips_linux_syscalls.h 2020-04-24 08:35:52.130000064 +0200
+@@ -1433,4 +1433,12 @@
+ #define __NR_memfd_create (__NR_Linux + 354)
+ #endif
+
++#if !defined(__NR_clock_gettime64)
++#define __NR_clock_gettime64 (__NR_Linux + 403)
++#endif
++
++#if !defined(__NR_clock_nanosleep_time64)
++#define __NR_clock_nanosleep_time64 (__NR_Linux + 407)
++#endif
++
+ #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_