chromium/chromium-92.0.4515.107-sandbox-clone3.patch
2021-08-25 09:57:56 -04:00

17 lines
807 B
Diff

diff -up chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.clone3 chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
--- chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.clone3 2021-08-16 09:05:35.836277326 -0400
+++ chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-08-16 09:06:17.420502628 -0400
@@ -178,6 +178,12 @@ ResultExpr EvaluateSyscallImpl(int fs_de
return RestrictCloneToThreadsAndEPERMFork();
}
+ // clone3 takes a pointer argument which we cannot examine, so return ENOSYS
+ // to force the libc to use clone. See https://crbug.com/1213452.
+ if (sysno == __NR_clone3) {
+ return Error(ENOSYS);
+ }
+
if (sysno == __NR_fcntl)
return RestrictFcntlCommands();