chromium/chromium-92.0.4515.107-sandbox-clone3.patch

diff -up chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.clone3 chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
--- chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.clone3	2021-08-16 09:05:35.836277326 -0400
+++ chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc	2021-08-16 09:06:17.420502628 -0400
@@ -178,6 +178,12 @@ ResultExpr EvaluateSyscallImpl(int fs_de
     return RestrictCloneToThreadsAndEPERMFork();
   }
 
+  // clone3 takes a pointer argument which we cannot examine, so return ENOSYS
+  // to force the libc to use clone. See https://crbug.com/1213452.
+  if (sysno == __NR_clone3) {
+    return Error(ENOSYS);
+  }
+
   if (sysno == __NR_fcntl)
     return RestrictFcntlCommands();