me
/
guix
Archived
1
0
Fork 0
This repository has been archived on 2024-08-07. You can view files and clone it, but cannot push or open issues/pull-requests.
guix/gnu/packages/patches/tor-sandbox-i686.patch

37 lines
1.3 KiB
Diff

This patch fixes sandboxing on i686 by allowing 'statx'. Without this,
'src/test/test_include.sh' would fail.
Patch adapted from:
https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/480
From 001d880d1082f5d124e10554e2718e407c7e88c6 Mon Sep 17 00:00:00 2001
From: Simon South <simon@simonsouth.net>
Date: Fri, 5 Nov 2021 10:10:10 -0400
Subject: [PATCH] sandbox: Allow "statx" syscall on i386 for glibc 2.33
glibc versions 2.33 and newer use the modern "statx" system call in their
implementations of stat() and opendir() for Linux on i386. Prevent failures in
the sandbox unit tests by modifying the sandbox to allow this system call
without restriction on i386 when it is available, and update the test suite to
skip the "sandbox/stat_filename" test in this case as it is certain to fail.
---
src/lib/sandbox/sandbox.c | 3 +++
src/test/test_sandbox.c | 7 ++++---
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index fb02a345ab..a15f99ad76 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -252,6 +252,9 @@ static int filter_nopar_gen[] = {
SCMP_SYS(sigreturn),
#endif
SCMP_SYS(stat),
+#if defined(__i386__) && defined(__NR_statx)
+ SCMP_SYS(statx),
+#endif
SCMP_SYS(uname),
SCMP_SYS(wait4),
SCMP_SYS(write),