From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 4A4D41382C5 for ; Fri, 23 Apr 2021 19:11:30 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 13534E083B; Fri, 23 Apr 2021 19:11:28 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8F097E083B for ; Fri, 23 Apr 2021 19:11:27 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 57254340CF1 for ; Fri, 23 Apr 2021 19:11:26 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id A256D59C for ; Fri, 23 Apr 2021 19:11:24 +0000 (UTC) From: "Mike Gilbert" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert" Message-ID: <1619205009.0813d843cb2a43c748fdf6c9d5ac6dc882104dcf.floppym@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/file/files/, sys-apps/file/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-apps/file/file-5.40-r1.ebuild sys-apps/file/file-5.40-r2.ebuild sys-apps/file/files/file-5.40-seccomp-faccessat.patch sys-apps/file/files/file-5.40-seccomp-fstatat64.patch X-VCS-Directories: sys-apps/file/files/ sys-apps/file/ X-VCS-Committer: floppym X-VCS-Committer-Name: Mike Gilbert X-VCS-Revision: 0813d843cb2a43c748fdf6c9d5ac6dc882104dcf X-VCS-Branch: master Date: Fri, 23 Apr 2021 19:11:24 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 1f0d14cc-3c34-4522-a8fc-09ef44f6975a X-Archives-Hash: e27e26cf7a0339928fd8dca1c2158a6d commit: 0813d843cb2a43c748fdf6c9d5ac6dc882104dcf Author: Mike Gilbert gentoo org> AuthorDate: Fri Apr 23 19:10:09 2021 +0000 Commit: Mike Gilbert gentoo org> CommitDate: Fri Apr 23 19:10:09 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0813d843 sys-apps/file: allow faccessat and fstatat64 syscalls Closes: https://bugs.gentoo.org/784857 Signed-off-by: Mike Gilbert gentoo.org> .../{file-5.40-r1.ebuild => file-5.40-r2.ebuild} | 2 ++ .../file/files/file-5.40-seccomp-faccessat.patch | 34 ++++++++++++++++++++++ .../file/files/file-5.40-seccomp-fstatat64.patch | 29 ++++++++++++++++++ 3 files changed, 65 insertions(+) diff --git a/sys-apps/file/file-5.40-r1.ebuild b/sys-apps/file/file-5.40-r2.ebuild similarity index 96% rename from sys-apps/file/file-5.40-r1.ebuild rename to sys-apps/file/file-5.40-r2.ebuild index a901c2a4003..f46a59bccfa 100644 --- a/sys-apps/file/file-5.40-r1.ebuild +++ b/sys-apps/file/file-5.40-r2.ebuild @@ -39,6 +39,8 @@ RDEPEND="${DEPEND} PATCHES=( "${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978 "${FILESDIR}/file-5.40-xz_magic.patch" #784773 + "${FILESDIR}/file-5.40-seccomp-faccessat.patch" + "${FILESDIR}/file-5.40-seccomp-fstatat64.patch" #784857 ) src_prepare() { diff --git a/sys-apps/file/files/file-5.40-seccomp-faccessat.patch b/sys-apps/file/files/file-5.40-seccomp-faccessat.patch new file mode 100644 index 00000000000..4aeb88cfe87 --- /dev/null +++ b/sys-apps/file/files/file-5.40-seccomp-faccessat.patch @@ -0,0 +1,34 @@ +From abcd583135bb0762e6bfd0f2e06c50bea1fb3cd0 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Tue, 6 Apr 2021 22:02:17 +0000 +Subject: [PATCH] On ARM64 Linux access() syscall is no longer a real syscall + to the kernel. Instead it's emulated by glibc with a new faccessat() syscall. + (Icenowy Zheng) + +--- + src/seccomp.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/seccomp.c b/src/seccomp.c +index 0da907ff7..81842cf5c 100644 +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -27,7 +27,7 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: seccomp.c,v 1.18 2021/03/14 17:01:58 christos Exp $") ++FILE_RCSID("@(#)$File: seccomp.c,v 1.19 2021/04/06 22:02:17 christos Exp $") + #endif /* lint */ + + #if HAVE_LIBSECCOMP +@@ -171,6 +171,9 @@ enable_sandbox_full(void) + ALLOW_RULE(dup2); + ALLOW_RULE(exit); + ALLOW_RULE(exit_group); ++#ifdef __NR_faccessat ++ ALLOW_RULE(faccessat); ++#endif + ALLOW_RULE(fcntl); + ALLOW_RULE(fcntl64); + ALLOW_RULE(fstat); diff --git a/sys-apps/file/files/file-5.40-seccomp-fstatat64.patch b/sys-apps/file/files/file-5.40-seccomp-fstatat64.patch new file mode 100644 index 00000000000..57d04e5f40c --- /dev/null +++ b/sys-apps/file/files/file-5.40-seccomp-fstatat64.patch @@ -0,0 +1,29 @@ +From e3d0265a147878b6c2903bcc83b9842dff68ceb4 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Fri, 23 Apr 2021 15:00:42 -0400 +Subject: [PATCH] seccomp: allow fstatat64 + +This is needed for the libsandbox LD_PRELOAD wrapper on Gentoo Linux. + +Bug: https://bugs.gentoo.org/784857 +--- + src/seccomp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/seccomp.c b/src/seccomp.c +index 81842cf5..43abc684 100644 +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -178,6 +178,9 @@ enable_sandbox_full(void) + ALLOW_RULE(fcntl64); + ALLOW_RULE(fstat); + ALLOW_RULE(fstat64); ++#ifdef __NR_fstatat64 ++ ALLOW_RULE(fstatat64); ++#endif + ALLOW_RULE(futex); + ALLOW_RULE(getdents); + #ifdef __NR_getdents64 +-- +2.31.1 +